THM - Windows Event Logs. A writeup for the room Windows Event… | by Francesco Pastore | Mar, 2025 | Medium

Member-only story
THM - Windows Event Logs
Francesco Pastore
3 min read·
Mar 26, 2025
--
A writeup for the room Windows Event Logs on TryHackMe
Introduction to Windows Event Logs and the tools to query them.
This writeup only covers the final challenge in Task 7 - Putting theory into practice.
https://tryhackme.com/room/windowseventlogs
Task 7 - Putting theory into practice1. What event ID is to detect a PowerShell downgrade attack?
You only need to do a Google search to find the answer.
Impair Defenses: Downgrade AttackAdversaries may downgrade or use a version of system features that may be outdated, vulnerable, and/or does not support…
attack.mitre.org
Investigating PowerShell Attacks"Huh, that's weird. Look at this system. I think the attacker used PowerShell." It was late summer 2012, and we were…
powershellmagazine.com
2. What is the Date and Time this attack took place?
Open the logs with Event Viewer and filter the results by the event ID found earlier.
--
--
Written by Francesco Pastore145 followers
·65 following
An engineering student in Milan and a web developer for an IT company. Write about programming and cybersecurity topics.
No responses yet
Help
Status
About
Careers
Press
Blog
Privacy
Rules
Terms
Text to speech