CredSnare - Angry Likho APT

CredSnare - Angry Likho APT is a blue team lab that falls under the Threat Hunting category and will cover the following subjects: Event Log Explorer, DB Browser for SQLite, Registry Explorer, MFTECmd, Splunk, Eric Zimmerman Tools, Autopsy, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Collection.

Learning Objectives

Correlate Splunk logs and filesystem artifacts from a workstation and a domain controller to reconstruct an attack chain involving Kerberos delegation and credential theft.

Categories: Threat Hunting.

MITRE ATT&CK Tactics: Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Collection.

Tools: Event Log Explorer, DB Browser for SQLite, Registry Explorer, MFTECmd, Splunk, Eric Zimmerman Tools, Autopsy.

Difficulty: medium.