NetSupport RAT - TA569

NetSupport RAT - TA569 is a blue team lab in the Threat Hunting category. It uses the following tools: Event Log Explorer, DB Browser for SQLite, Timeline Explorer, Splunk, Eric Zimmerman Tools, and Autopsy. It covers the following MITRE ATT&CK tactics: Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, and Collection.

Learning Objectives

Reconstruct a sophisticated attack timeline by analyzing Windows logs, network traffic, and disk artifacts to identify initial access, persistence, and data exfiltration using Splunk and forensic tools.

Categories: Threat Hunting.

MITRE ATT&CK Tactics: Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection.

Tools: Event Log Explorer, DB Browser for SQLite, Timeline Explorer, Splunk, Eric Zimmerman Tools, Autopsy.

Difficulty: medium.