THM - XDR: Operation Global Dagger
A writeup for “XDR: Operation Global Dagger” on TryHackMe
Investigate and detect potential threats across your environment.
The room involves investigating a security incident using Microsoft Defender XDR.
Firstly, we need to log in to the lab instance by following the tutorial in the room description.
Once inside, go to the Incidents page and look for incident ID 49.
The incident description reads: ‘Hands-on keyboard attack was launched from a compromised account (attack disruption)’.
Make sure you increase the time range on the Incidents page; otherwise the incident may not be visible.
What is the name of the threat found on the “PowerSploit post-exploitation tool”…
