TeamCity Exploit - APT29
TeamCity Exploit - APT29 is a blue team lab in the Threat Hunting category. It covers the following tools and MITRE ATT&CK tactics: Notepad++, Event Log Explorer, Eric Zimmerman Tools, KAPE, NTFS Log Tracker, RegRipper, Sysinternals Suite, CyberChef, VsCode, 7zip, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Collection, Command and Control, Exfiltration, Impact.
Learning Objectives
Correlate Splunk logs and host forensic artifacts from triage images to reconstruct a multi-stage TeamCity compromise and identify attacker TTPs.
Categories: Threat Hunting.
MITRE ATT&CK Tactics: Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Collection, Command and Control, Exfiltration, Impact.
Tools: Notepad++, Event Log Explorer, Eric Zimmerman Tools, KAPE, NTFS Log Tracker, RegRipper, Sysinternals Suite, CyberChef, VsCode, 7zip.
Difficulty: insane.