T1197 (the MITRE ATT&CK ID for BITS Jobs) is a blue team lab in the Threat Hunting category that covers the following subjects: Splunk, ELK, Execution, Persistence, Privilege Escalation, and Defense Evasion.
Learning Objectives
Analyze Windows event logs in Splunk to identify T1197 BITS abuse, LOLBAS usage, attacker IP, and persistence mechanisms.