TryHackMe: Red Team Threat Intel - Aleyna Doğan

Apply threat intelligence to red team engagements and adversary emulation.

Task 5: TTP Mapping

5.2. How many Command and Control techniques are employed by Carbanak?

https://mitre-attack.github.io/attack-navigator//#layerURL=https%3A%2F%2Fattack.mitre.org%2Fgroups%2FG0008%2FG0008-enterprise-layer.json

2

5.3. What signed binary did Carbanak use for defense evasion?

Rundll32

5.4. What Initial Access technique is employed by Carbanak?

Valid Accounts

Task 7: Creating a Threat Intel Driven Campaign

7.1. Open the provided ATT&CK Navigator layer and identify matched TTPs to the cyber kill chain. Once TTPs are identified, map them to the cyber kill chain in the static site.

To complete the challenge, you must submit one technique name per kill chain section.

Once the chain is complete and you have received the flag, submit it below.

https://mitre-attack.github.io/attack-navigator//#layerURL=https%3A%2F%2Fattack.mitre.org%2Fgroups%2FG0096%2FG0096-enterprise-layer.json

  • Powershell
  • Spearphishing Attachment
  • External Remote Services
  • BITS Jobs
  • DNS
  • Keylogging
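As an added example (not part of the original write-up), the Python below parses a layer in the ATT&CK Navigator format that both links above serve, counts distinct techniques per tactic (the kind of count asked in 5.2) and groups them by Cyber Kill Chain phase for the 7.1 mapping. The embedded sample layer and the tactic-to-phase table are constructed assumptions, not the real G0008/G0096 data.

```python
import json

# Constructed sample in the ATT&CK Navigator layer format (same shape as the
# group layers linked above; IDs and tactics are illustrative, not a copy of
# the real G0008/G0096 layers).
SAMPLE_LAYER = json.dumps({
    "name": "constructed group layer", "domain": "enterprise-attack",
    "techniques": [
        {"techniqueID": "T1566.001", "tactic": "initial-access", "score": 1},
        {"techniqueID": "T1133", "tactic": "initial-access", "score": 1},
        {"techniqueID": "T1133", "tactic": "persistence", "score": 1},
        {"techniqueID": "T1059.001", "tactic": "execution", "score": 1},
        {"techniqueID": "T1197", "tactic": "defense-evasion", "score": 1},
        {"techniqueID": "T1071.004", "tactic": "command-and-control", "score": 1},
        {"techniqueID": "T1105", "tactic": "command-and-control", "score": 1},
        {"techniqueID": "T1056.001", "tactic": "collection", "score": 1},
        {"techniqueID": "T1036", "tactic": "defense-evasion", "score": 0},
    ],
})

# Assumed ATT&CK tactic -> Cyber Kill Chain phase alignment; the room's static
# site may use a slightly different one.
KILL_CHAIN = {
    "reconnaissance": "Reconnaissance", "resource-development": "Weaponization",
    "initial-access": "Delivery", "execution": "Exploitation",
    "persistence": "Installation", "privilege-escalation": "Installation",
    "defense-evasion": "Installation", "command-and-control": "Command & Control",
    "collection": "Actions on Objectives", "exfiltration": "Actions on Objectives",
    "impact": "Actions on Objectives",
}

def load_used_techniques(layer_text):
    """Parse a layer; keep entries with a positive score (used techniques)."""
    layer = json.loads(layer_text)
    return [t for t in layer["techniques"] if t.get("score", 0) > 0]

def techniques_by_tactic(entries):
    """Distinct technique IDs per tactic, e.g. 'how many C2 techniques?'."""
    ids = {}
    for t in entries:
        ids.setdefault(t["tactic"], set()).add(t["techniqueID"])
    return {tactic: len(v) for tactic, v in ids.items()}

def kill_chain_coverage(entries):
    """Group used IDs by kill chain phase; T1133 lands in two phases here."""
    phases = {}
    for t in entries:
        phases.setdefault(KILL_CHAIN.get(t["tactic"], "Unmapped"), set()).add(t["techniqueID"])
    return {phase: sorted(v) for phase, v in phases.items()}
```

Point `load_used_techniques` at the downloaded G0008 or G0096 layer JSON to reproduce the per-tactic counts the Navigator shows.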

7.2. Answer questions below relating to needed engagement resources.

What web shell is APT 41 known to use?

https://attack.mitre.org/groups/G0096

ASPXSpy

7.3. What LOLBAS (Living Off The Land Binaries and Scripts) tool does APT 41 use to aid in file transfers?

certutil

7.4. What tool does APT 41 use to mine and monitor SMS traffic?

https://cloud.google.com/blog/topics/threat-intelligence/messagetap-who-is-reading-your-text-messages

MESSAGETAP
