TryHackMe Benign Walkthrough | Splunk Investigation Tutorial

Nov 21, 2025
17:55

#TryHackMe #Splunk #CyberSecurity #BlueTeam

Master Splunk investigation skills with this complete, step‑by‑step walkthrough of the TryHackMe: Benign room. In this video, we analyze host‑centric Windows Event Logs, identify a compromised HR workstation, uncover an imposter account, detect LOLBIN‑based payload download, and answer every challenge question using real Splunk queries. Perfect for cybersecurity beginners and intermediate analysts learning Splunk, Windows event forensics, LOLBIN investigation, and incident response.

🔍 What You Will Learn in This Walkthrough
✔ How to search and filter Windows Event Logs in Splunk
✔ Investigating suspicious process execution (Event ID 4688)
✔ Detecting fake/imposter accounts using SPL
✔ Finding scheduled task execution by HR department users
✔ Identifying malicious certutil.exe usage
✔ How attackers download payloads using LOLBINs
✔ Analyzing C2 activity and malicious file downloads
✔ Understanding command-line artifacts
✔ Answering all TryHackMe challenge questions

📝 Challenge Answers Covered
Total logs from March 2022: 13,959
Imposter account: Amel1a
HR user running scheduled tasks: Chris.fort
HR user downloading payload via LOLBIN: haroon
LOLBIN used: certutil.exe
Execution date: 2022‑03‑04
Third‑party download site: controlc.com
Saved file name: benign.exe
Malicious content flag: *THM{KJ&H^B0}

🎓 Why Watch This Video?
This walkthrough is ideal if you are preparing for:
SOC Analyst roles
DFIR / Incident Response practicals
Splunk Blue Team workflows
TryHackMe or cybersecurity labs
Windows log analysis training

👍 If you found this video helpful, like & subscribe for more:
Splunk tutorials
Windows forensics labs
Blue team investigation guides
TryHackMe & HackTheBox walkthroughs
SOC Analyst practical exercises

#DFIR #WindowsForensics #ProcessInvestigation #LOLBIN #Certutil #SOCAnalyst #THMWalkthrough
