BTLO Replay: ERADICATION | Incident Response Lab Walkthrough
Author: Security Blue Team
Uploaded: 2023-08-25
Views: 895
Description:
Welcome to BTLO Replay, a video series that will take you through retired BTLO labs. Videos posted every Friday at 6pm BST.
This week’s lab is ERADICATION, an incident response investigation using Yara and Joe Sandbox.
Difficulty: Easy
The ERADICATION scenario:
A threat actor has compromised a system and hidden a number of files. You need to generate a Yara rule to identify the presence of additional binaries based on a collected sample, and then write a custom rule using simple IOCs to identify another type of malware.
0:00 – Scenario and intro
1:30 – Overview
1:38 – Read me
3:01 – Pt. 1 Question 1
5:58 – Pt. 1 Question 2
10:15 – Pt. 1 Question 3
11:51 – Pt. 2 Question 4
18:39 – Pt. 2 Question 5
21:00 – Summary
--
Powered by global blue team training provider, Security Blue Team, BTLO is a gamified platform for defenders to sharpen their skills during engaging security investigation and challenge scenarios.
The BTLO Replay series takes viewers through walkthroughs of retired labs. Visit the BTLO website to take on these challenges for yourself and discover new labs launching regularly.
SUBSCRIBE: / @blueteamlabsonline
WEBSITE: https://blueteamlabs.online/
DISCORD: / discord
TWITTER: / bluelabsonline
LINKEDIN: / blue-team-labs-online