RansomHub is a blue team lab that falls under the Threat Hunting category and will cover the following subjects: DB Browser for SQLite, Notepad++, Splunk, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Command and Control, Exfiltration, Impact.
Learning Objectives
Reconstruct the RansomHub ransomware attack chain by correlating Splunk logs and disk artifacts to identify password spray, lateral movement, data exfiltration, and ransomware deployment tactics.