In the world of cybersecurity, knowing how to search effectively is just as important as knowing how to code or exploit vulnerabilities. The "Search Skills" room on TryHackMe is a foundational module that teaches you how to navigate the vast ocean of online information using smart search techniques, specialized tools, and critical thinking.
This post walks you through each task in the room, explaining the concepts and how to find the answers.
Task 1: Introduction
This task sets the stage by emphasizing the importance of search skills. You're asked to search for "learn hacking" on Google and observe the number of results.
No answer required here, but it's a reminder of how overwhelming search results can be without proper filtering.
Task 2: Evaluation of Search Results
Q2.1: What do you call a cryptographic method or product considered bogus or fraudulent?
Answer: Snake Oil
In cybersecurity, "snake oil" refers to products that claim to offer security but are fundamentally flawed or deceptive.
Q2.2: What is the name of the command replacing netstat in Linux systems?
Answer: ss
ss (Socket Statistics) is faster and more informative than netstat.
Task 3: Search Engines
Q3.1: How would you limit your Google search to PDF files containing the terms cyber warfare report?
Answer: filetype:pdf cyber warfare report
Use filetype: to filter by document type.
Q3.2: What phrase does the Linux command ss stand for?
Answer: Socket Statistics
Task 4: Specialized Search Engines
Q4.1: What is the top country with lighttpd servers?
Answer: United States
Use Shodan to search for lighttpd and filter by country.
Q4.2: What does BitDefenderFalx detect the file with the given hash as?
Answer: Android.Riskware.Agent.LHH
Use VirusTotal to analyze the hash.
Task 5: Vulnerabilities and Exploits
Q5.1: What utility does CVE-2024-3094 refer to?
Answer: xz
Search the CVE ID on cve.mitre.org or NVD.
Task 6: Technical Documentation
Q6.1: What does the Linux command cat do?
Answer: Concatenate and display file content
Use
man catin a Linux terminal or search online for the manual page.
Q6.2: What parameter in Windows netstat shows the executable involved?
Answer: -b
Use netstat -b in Command Prompt (admin mode).
Task 7: Social Media
Q7.1: What platform is useful for learning about a company’s technical staff?
Answer: LinkedIn
OSINT investigators often use LinkedIn to gather professional info.
Q7.2: What platform might help find answers to secret questions?
Answer: Facebook
People often share personal details that can be used in social engineering.
Task 8: Conclusion
This task wraps up the room and encourages you to apply these skills in real-world scenarios. The ability to search smartly is a superpower in cybersecurity.
🧠 Final Thoughts
The "Search Skills" room is a must-do for anyone starting in cybersecurity. It teaches you how to:
Evaluate sources critically
Use advanced search operators
Leverage specialized tools like Shodan and VirusTotal
Navigate technical documentation
Perform OSINT using social media
Top comments (0)