Black Basta

Black Basta is a blue team lab in the Threat Hunting category. It covers the following subjects: CyberChef, Splunk, ELK, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Discovery, Lateral Movement, Command and Control, Impact.

Learning Objectives

Correlate Sysmon, Windows event logs, and PowerShell history to reconstruct a multi-stage Black Basta ransomware attack, identifying initial access, persistence, C2, exfiltration, and impact.

Categories: Threat Hunting.

MITRE ATT&CK Tactics: Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Discovery, Lateral Movement, Command and Control, Impact.

Tools: Splunk, ELK, CyberChef.

Difficulty: medium.