Apply threat intelligence to red team engagements and adversary emulation.
THM Room https://tryhackme.com/room/redteamthreatintel
TASK 1 : Introduction
Read the above and continue to the next task.
No Answer
TASK 2 : What is Threat Intelligence
Read the above and continue to the next task.
No Answer
TASK 3 : Applying Threat Intel to the Red Team
Read the above and continue to the next task.
No Answer
TASK 4 : The TIBER-EU Framework
Read the above and continue to the next task.
No Answer.
TASK 5 : TTP Mapping
Read the above and use MITRE ATT&CK Navigator to answer the questions below using a Carbanak layer.
No Answer.
How many Command and Control techniques are employed by Carbanak?
Find Carbanak on mitre : here https://mitre-attack.github.io/attack-navigator//#layerURL=https%3A%2F%2Fattack.mitre.org%2Fgroups%2FG0008%2FG0008-enterprise-layer.json
Answer : 2
What signed binary did Carbanak use for defense evasion?
Answer : rundll32
What Initial Access technique is employed by Carbanak?
Answer : valid account
TASK 6 : Other Red Team Applications of CTI
Read the above and continue to the next task.
No Answer.
TASK 7 : Creating a Threat Intel Driven Campaign
Open the provided ATT&CK Navigator layer and identify matched TTPs to the cyber kill chain. Once TTPs are identified, map them to the cyber kill chain in the static site. To complete the challenge, you must submit one technique name per kill chain section. Once the chain is complete and you have received the flag, submit it below.
Answer : THM{7HR347_1N73L_12_4w35om3}
What web shell is APT 41 known to use?
From APT41 https://attack.mitre.org/groups/G0096/ :
Answer : ASPXSpy
What LOLBAS (Living Off The Land Binaries and Scripts) tool does APT 41 use to aid in file transfers?
Answer : certutil
What tool does APT 41 use to mine and monitor SMS traffic?
Answer : MESSAGETAP
TASK 8 : Conclusion
Read the above and continue learning!
No Answer.