PaloAltoRCE - UTA0218

PaloAltoRCE - UTA0218 is a blue team lab in the Threat Hunting category. It covers the following subjects: ELK, Reconnaissance, Initial Access, Execution, Persistence, Command and Control, Exfiltration.

Learning Objectives

Reconstruct a Palo Alto RCE attack timeline by analyzing firewall logs in ELK, identifying initial access, reverse shell, persistence, and data exfiltration artifacts.

Categories: Threat Hunting.

MITRE ATT&CK Tactics: Reconnaissance, Initial Access, Execution, Persistence, Command and Control, Exfiltration.

Tools: ELK.

Difficulty: Hard.