TryHackMe — Search Skills | Cyber Security 101
Evaluation of Search results
On the Internet, everyone can publish their writings, whether as blog posts, articles, or social media posts. Publishing can even take subtler forms, such as editing a public wiki page. This ability makes it possible for anyone to voice their unfounded claims. Everyone can express their opinion about best cyber security practices, future programming trends, and how to best prepare for a DevSecOps interview.
It is our job, as readers, to evaluate the information. We will mention a few things to consider when evaluating information:
- Source: Assess the credibility of the author or organization.
- Evidence and reasoning: Look for claims supported by credible evidence and logical arguments.
- Objectivity and bias: Determine if the information is presented impartially, without agendas.
- Corroboration and consistency: Validate claims with support from multiple independent sources.
Answer the questions below
What do you call a cryptographic method or product considered bogus or fraudulent?
Snake oil
What is the name of the command replacing netstat in Linux systems?
ss
Search Engines
Every one of us has used an Internet search engine; however, not everyone has tried to harness the full power of an Internet search engine. Almost every Internet search engine allows you to carry out advanced searches. Consider the following examples:
Let’s consider the search operators supported by Google.
- "exact phrase": Double quotes indicate that you are looking for pages with the exact word or phrase. For example, one might search for "passive reconnaissance" to get pages with this exact phrase.
- site: This operator lets you specify the domain name to which you want to limit your search. For example, we can search for success stories on TryHackMe using site:tryhackme.com success stories.
- -: The minus sign allows you to omit search results that contain a particular word or phrase. For example, you might be interested in learning about the pyramids, but you don’t want to view tourism websites; one approach is to search for pyramids -tourism or -tourism pyramids.
- filetype: This search operator is indispensable for finding files instead of web pages. Some of the file types you can search for using Google are Portable Document Format (PDF), Microsoft Word Document (DOC), Microsoft Excel Spreadsheet (XLS), and Microsoft PowerPoint Presentation (PPT). For example, to find cyber security presentations, try searching for filetype:ppt cyber security.
You can check more advanced controls in various search engines in this advanced search operators list; however, the above provides a good starting point. Check your favourite search engine for the supported search operators.
How would you limit your Google search to PDF files containing the terms cyber warfare report?
filetype:pdf cyber warfare report
What phrase does the Linux command ss stand for?
socket statistics
Specialized Search Engines
You are familiar with Internet search engines; however, how familiar are you with specialized search engines? By that, we refer to search engines used to find specific types of results.
Shodan
Shodan is a search engine for discovering internet-connected devices, including servers, routers, and IoT devices. It allows users to search by device type, software version, or location, making it a valuable tool for cybersecurity professionals to identify vulnerabilities and analyze global internet trends.
Censys
Censys is similar to Shodan but focuses on internet-connected hosts, websites, certificates, and assets rather than just devices. It helps users enumerate domains, audit open ports and services, and find rogue assets within a network. Censys is widely used for security assessments and discovering exposed internet resources.
VirusTotal
VirusTotal is an online service that scans files and URLs using multiple antivirus engines. Users can upload files, submit URLs, or check file hashes for malware detection. It provides results from over 60 antivirus tools, and community comments help clarify false positives or offer additional insights.
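An added example (not part of the original write-up or the room's material) of reading a multi-engine report like the one described above: it hashes data locally and tallies verdicts from a constructed report shaped like a VirusTotal API v3 file object. The engine names and labels are made up; `last_analysis_results`, `category` and `result` are the v3 field names.

```python
import hashlib
import json
from collections import Counter

# Constructed sample shaped like a VirusTotal API v3 file report
# (data.attributes.last_analysis_results); engines and labels are made up.
SAMPLE_REPORT = json.loads("""
{"data": {"attributes": {"last_analysis_results": {
  "EngineA": {"category": "malicious",  "result": "Android.Riskware.Example.A"},
  "EngineB": {"category": "malicious",  "result": "Riskware/Android.Example"},
  "EngineC": {"category": "undetected", "result": null},
  "EngineD": {"category": "timeout",    "result": null},
  "EngineE": {"category": "suspicious", "result": "Heuristic.Example"},
  "EngineF": {"category": "type-unsupported", "result": null}
}}}}
""")

def sha256_of(data: bytes) -> str:
    """Hash locally so only the digest, not the file, has to be looked up."""
    return hashlib.sha256(data).hexdigest()

def summarize(report: dict) -> dict:
    results = report["data"]["attributes"]["last_analysis_results"]
    counts = Counter(r["category"] for r in results.values())
    # Engines that timed out or do not support the file type gave no verdict,
    # so they must not count as "clean" votes.
    no_verdict = {"timeout", "confirmed-timeout", "failure", "type-unsupported"}
    voted = sum(n for cat, n in counts.items() if cat not in no_verdict)
    flagged = counts["malicious"] + counts["suspicious"]
    labels = {e: r["result"] for e, r in sorted(results.items()) if r["result"]}
    return {"flagged": flagged, "voted": voted, "labels": labels}

def label_from(report: dict, engine: str):
    """Label assigned by one named engine, or None if it did not flag the file."""
    entry = report["data"]["attributes"]["last_analysis_results"].get(engine)
    return entry["result"] if entry else None

if __name__ == "__main__":
    print(sha256_of(b"constructed sample bytes"))
    s = summarize(SAMPLE_REPORT)
    print(f"{s['flagged']}/{s['voted']} engines flagged the file")
    for engine, label in s["labels"].items():
        print(f"  {engine}: {label}")
```

Differing labels for the same file across engines are normal; compare them, together with the community comments, before treating a single detection as conclusive.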
Have I Been Pwned
Have I Been Pwned (HIBP) is a service that checks if an email address has appeared in a data breach. Finding your email in a breach indicates that private information, including passwords, may have been exposed. Since many users reuse passwords across platforms, a single breach can compromise multiple accounts.
Answer the questions below
What is the top country with lighttpd servers?
United States
What does BitDefenderFalx detect the file with the hash 2de70ca737c1f4602517c555ddd54165432cf231ffc0e21fb2e23b9dd14e7fb4 as?
Android.Riskware.Agent.LHH
Vulnerabilities and Exploits
The Common Vulnerabilities and Exposures (CVE) program assigns unique identifiers to security vulnerabilities in software and hardware, such as CVE-2024-29988. Managed by MITRE, CVE ensures consistent tracking of vulnerabilities across the cybersecurity community. For more details or to search CVEs, visit the CVE Program or NVD websites.
Exploit Database
Exploiting a vulnerable application should only be done with permission, typically through a legal agreement. Resources like the Exploit Database and GitHub are useful for finding working exploit code. GitHub hosts tools, proof-of-concept (PoC) code, and exploit code related to vulnerabilities such as Heartbleed.
Answer the questions below
What utility does CVE-2024-3094 refer to?
xz
Technical Documentation
What does the Linux command cat stand for?
concatenate
What is the netstat parameter in MS Windows that displays the executable associated with each active connection and listening port?
-b
Social Media
Answer the questions below:
You are hired to evaluate the security of a particular company. What is a popular social media website you would use to learn about the technical background of one of their employees?
Continuing with the previous scenario, you are trying to find the answer to the secret question, “Which school did you go to as a child?”. What social media website would you consider checking to find the answer to such secret questions?