BTLO Replay: DRILLDOWN | Threat Hunting Lab Walkthrough
Author: Security Blue Team
Uploaded: 2023-08-25
Views: 3404
Description:
Welcome to BTLO Replay, a video series that will take you through retired BTLO labs. Videos posted every Friday at 6pm BST.
This week’s lab is DRILLDOWN, a security operations investigation that utilizes Splunk and VirusTotal.
Difficulty: Medium
The DRILLDOWN scenario:
Your organization doesn’t use Amazon Web Services, so when a Threat Hunter starts seeing connections to multiple EC2 instances, it’s time to start hunting to understand what happened. This information can then be passed to the incident response team, and indicators can be gathered for intelligence sharing.
00:00 – Scenario and intro
1:53 – Question 1
5:49 – Question 2
9:48 – Question 1 and 2 summary
12:13 – Question 3
12:54 – Question 4
14:02 – Question 5
14:45 – Question 6
15:19 – Question 7
19:49 – Question 8
21:31 – Question 9
24:03 – Question 10
29:11 – Question 11
29:43 – Question 12
30:47 – Question 13
31:14 – Question 14
33:40 – Suricata
34:34 – Summary
--
Powered by global blue team training provider, Security Blue Team, BTLO is a gamified platform for defenders to sharpen their skills during engaging security investigation and challenge scenarios.
The BTLO Replay series takes viewers through walkthroughs of retired labs. Visit the BTLO website to take on these challenges for yourself and discover new labs launching regularly.
SUBSCRIBE: / @blueteamlabsonline
WEBSITE: https://blueteamlabs.online/
DISCORD: / discord
TWITTER: / bluelabsonline
LINKEDIN: / blue-team-labs-online