Threat Hunting
Develop proactive detection skills by analyzing security logs, identifying advanced attack patterns, and uncovering hidden threats across enterprise environments.
REvil - GOLD SOUTHFIELD
Threat Hunting
Easy
1hr 15min
Analyze Sysmon logs in Elastic SIEM to investigate REvil ransomware attack behaviors, decode recovery sabotage commands, and identify IOCs including the C2 onion domain.
6 Questions
GoldenSpray
Threat Hunting
Medium
2hrs
Reconstruct a multi-stage intrusion timeline by analyzing Windows and Sysmon event logs within Elastic SIEM to identify key attack tactics, techniques, and procedures.
10 Questions
Kerberoasted
Threat Hunting
Medium
1hr
Detect, analyze, and respond to Kerberoasting attacks by investigating Kerberos logs, identifying compromised accounts, and uncovering attacker persistence methods.
9 Questions
ShadowRoast
Threat Hunting
Medium
1hr 30min
Investigate and analyze malicious activity in an Active Directory environment using log analysis and Splunk queries to identify initial access, persistence, lateral movement, and data exfiltration techniques.
8 Questions
ElasticCase
Threat Hunting
Medium
Investigate a simulated multi-stage attack to identify compromise and attacker activity using Elastic SIEM.
24 Questions
Black Basta
Threat Hunting
Medium
2hrs
Correlate Sysmon, Windows event logs, and PowerShell history to reconstruct a multi-stage Black Basta ransomware attack, identifying initial access, persistence, C2, exfiltration, and impact.
24 Questions
FalconEye
Threat Hunting
Medium
1hr
Learn to use Splunk for detecting, analyzing, and investigating cybersecurity threats through log analysis, threat hunting, privilege escalation, lateral movement, and advanced attack techniques.
13 Questions
Boss Of The SOC v1
Threat Hunting
Medium
Reconstruct multi-stage attack scenarios by analyzing Splunk logs and integrating OSINT from VirusTotal, ThreatCrowd, and WHOXY to identify TTPs and IOCs.
32 Questions
BumbleBee - GOLD CABIN
Threat Hunting
Medium
4hrs
Correlate Windows event logs and Sysmon data across enterprise systems using ELK to reconstruct a multi-stage cyber attack from initial access to ransomware.
29 Questions
LNKTrap
Threat Hunting
Medium
2hrs
Reconstruct a targeted cyber attack's timeline by analyzing Splunk event logs, process, and network data to identify initial access, persistence, privilege escalation, and C2.
20 Questions
Rhysida - Vice Society
Threat Hunting
Medium
3hrs
Reconstruct the Rhysida ransomware attack chain, identifying initial access, persistence, C2, and impact using Splunk and CyberChef.
22 Questions
Hafnium APT
Threat Hunting
Hard
Correlate Windows Defender, Sysmon, and Security logs in Elastic Stack to reconstruct HafinumAPT's initial access, persistence, and lateral movement TTPs.
27 Questions
Midnight RDP
Threat Hunting
Hard
Reconstruct a sophisticated intrusion's timeline by correlating Windows Event, Sysmon, and PowerShell logs in Splunk, identifying RDP-based initial access, persistence, privilege escalation, and C2.
20 Questions
Ignoble Scorpius APT
Threat Hunting
Unknown
10hrs
Apply Attack-Based Hunting principles to Splunk logs, correlating Windows and Sysmon data to identify and reconstruct a multi-stage ransomware attack.
43 Questions
TeamCity Exploit - APT29
Threat Hunting
Unknown
Correlate Splunk logs and host forensic artifacts from triage images to reconstruct a multi-stage TeamCity compromise and identify attacker TTPs.
43 Questions