MarkShell - TA577

MarkShell - TA577 is a blue team lab that falls under the Threat Hunting category and will cover the following subjects: CyberChef, Detect It Easy, Splunk, IDA, PEStudio, scdbg, CobaltStrikeParser, Reconnaissance, Execution, Privilege Escalation, Defense Evasion, Credential Access, Lateral Movement.

Learning Objectives

Investigate a multi-stage phishing intrusion from initial access through domain compromise, persistence, and C2 deployment.

Categories: Threat Hunting.

MITRE ATT&CK Tactics: Reconnaissance, Execution, Privilege Escalation, Defense Evasion, Credential Access, Lateral Movement.

Tools: CyberChef, Detect It Easy, Splunk, IDA, PEStudio, scdbg, CobaltStrikeParser.

Difficulty: hard.