TryHackMe Network Discovery Detection - Full Walkthrough 2025
Understand how attackers discover assets in a network, and how to detect that activity.

Room Link: https://tryhackme.com/room/networkdiscoverydetection

Learning Objectives
By the end of this room, we aim to understand:
- What is network discovery
- Why attackers perform network discovery
- What are the different types of network discovery
- How network discovery techniques work, and how we can detect them

Room Tasks:

[00:00] Task 1: Introduction

[02:25] Task 2: Network Discovery
- What do attackers scan, other than IP addresses, ports, and OS version, in order to identify vulnerabilities in a network?

[05:23] Task 3: External vs Internal Scanning
- Which file contains logs that showcase internal scanning activity?
- How many log entries are present for the internal IP performing internal scanning activity?
- What is the external IP address that is performing external scanning activity?

[13:06] Task 4: Horizontal vs Vertical Scanning
- One of the log files contains evidence of a horizontal scan. Which IP range was scanned? Format X.X.X.X/X
- In the same log file, there is one IP address on which a vertical scan is performed. Which IP address is this?
- On one of the IP addresses, only a few ports are scanned which host common services. Which are the ports that are scanned on this IP address? Format: port1, port2, port3 in ascending order.

[25:57] Task 5: The Mechanics of Scanning, Ping Sweep, TCP SYN Flows, UDP Scan (Using Elastic / Kibana instance)
- Which source IP performs a ping sweep attack across a whole subnet?
- The zeek.conn.conn_state value shows the connection state. Using the information provided by this value, identify the type of scan being performed by 203.0.113.25 against 192.168.230.145
- Is there any UDP scanning attempt in the logs? Y/N

[35:52] Task 6: Conclusion

This content is for educational and authorized penetration testing purposes only.
Always ensure you have permission before testing on any systems. Don't forget to LIKE and SUBSCRIBE for more cybersecurity tutorials! #tryhackme