StarkTech Incident - APT41

StarkTech Incident - APT41 is a blue team lab in the Threat Hunting category. It covers the following tools and ATT&CK tactics: Event Log Explorer, DB Browser for SQLite, Registry Explorer, Splunk, Eric Zimmerman Tools, FTK Imager, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Lateral Movement, Collection, Command and Control, Exfiltration.

Learning Objectives

Reconstruct a multi-stage attack timeline by analyzing Sysmon and Windows event logs in Splunk to identify attacker tactics from initial access to data exfiltration.

Categories: Threat Hunting.

MITRE ATT&CK Tactics: Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Lateral Movement, Collection, Command and Control, Exfiltration.

Tools: Event Log Explorer, DB Browser for SQLite, Registry Explorer, Splunk, Eric Zimmerman Tools, FTK Imager.

Difficulty: medium.