Defending Against Live Attacks with Snort on TryHackMe

I just finished the Snort Challenge – Live Attacks room on TryHackMe, which threw me into a simulated environment where real cyberattacks were happening against a machine I had to defend. The challenge was all about using Snort, a popular intrusion detection and prevention system, to spot and stop those attacks in real time. In the first scenario, I had to recognize a brute-force attack against SSH, where an attacker kept hammering away at login attempts. I learned how to run Snort in packet-sniffing mode, dig through the network traffic to find the attacker’s IP, and then write a custom Snort rule to block it.

The second scenario was a bit trickier: a reverse shell attack, where the attacker tried to open a backdoor connection to the system over port 4444, a port commonly used for that purpose. Again, I had to identify the suspicious traffic, craft a rule to cut it off, and then run Snort in prevention mode so it actively stopped the attack. Both scenarios ended with flags that confirmed I had successfully defended the system. By the end of the challenge, I walked away with hands-on experience in detecting and blocking live threats with Snort, and a much clearer understanding of how intrusion prevention systems can be used to stop cyberattacks in their tracks.
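As an added illustration of the two rules described above (my own example, not the room's supplied files), here is a Snort 2 `local.rules` fragment covering both scenarios, with the sniffing and inline-mode commands as comments. The attacker address is a placeholder from the documentation range; substitute the source you actually see in the captured traffic.

```snort
# local.rules (added example; not from the TryHackMe room)
# Placeholder attacker address (RFC 5737 documentation range) - replace it
# with the source IP found while sniffing.
ipvar ATTACKER_IP 203.0.113.10

# Step 1: sniff traffic to find the noisy source (Snort 2 syntax):
#   sudo snort -v -i eth0          # headers only
#   sudo snort -X -i eth0          # add payload hex dump
#
# Step 2: run inline (IPS) so matching packets are dropped, not just logged:
#   sudo snort -c local.rules -A full -l . -Q --daq afpacket -i eth0:eth1

# Scenario 1: SSH brute force. flags:S matches connection attempts, and
# detection_filter only fires after 5 attempts from one source to tcp/22
# within 60 seconds, so a single legitimate login does not trip the rule.
drop tcp $ATTACKER_IP any -> any 22 (msg:"SSH brute force from attacker"; \
    flags:S; detection_filter:track by_src, count 5, seconds 60; \
    sid:1000001; rev:1;)

# Scenario 2: reverse shell on tcp/4444. The <> operator matches either
# direction, so both the callback and the listener's replies are dropped.
drop tcp any 4444 <> any any (msg:"Reverse shell traffic on tcp/4444"; \
    sid:1000002; rev:1;)
```

Check the rules for syntax errors first with `sudo snort -c local.rules -T` before running in inline mode.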