GhostConnect - TA583 is a blue team lab that falls under the Threat Hunting category and will cover the following subjects: DB Browser for SQLite, Splunk, VirusTotal, Initial Access, Execution, Discovery, Collection.
Learning Objectives
Hunt Sysmon process trees, Chrome browsing artifacts, and Mark-of-the-Web streams to rebuild the full kill chain from phishing delivery through AD enumeration to HTTPS exfiltration.