Ignoble Scorpius APT

Ignoble Scorpius APT is a blue team lab that falls under the Threat Hunting category and will cover the following subjects: Splunk, ELK, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Impact.

Learning Objectives

Apply Attack-Based Hunting principles to Splunk logs, correlating Windows and Sysmon data to identify and reconstruct a multi-stage ransomware attack.

Categories: Threat Hunting.

MITRE ATT&CK Tactics: Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Impact.

Tools: ELK, Splunk.

Difficulty: insane.