BumbleBee - GOLD CABIN

BumbleBee - GOLD CABIN is a blue team lab in the Threat Hunting category. It covers the following subjects: Splunk, ELK, SIEM, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact.

Learning Objectives

Correlate Windows event logs and Sysmon data across enterprise systems using ELK to reconstruct a multi-stage cyber attack from initial access to ransomware.

Categories: Threat Hunting.

MITRE ATT&CK Tactics: Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact.

Tools: Splunk, ELK, SIEM.

Difficulty: medium.