Threat Hunting
Threat hunting challenges focusing on proactively searching for threats, identifying indicators of compromise, and detecting advanced persistent threats in enterprise environments.
What You'll Learn
- Proactive threat hunting methodologies
- SIEM and log analysis for threat detection
- Hunting for APTs and insider threats
- IOC and TTPs identification using MITRE ATT&CK
- Anomaly detection and behavioral analysis
Prerequisites
- Understanding of attack techniques and MITRE ATT&CK framework
- Familiarity with SIEM tools and log analysis
- Basic knowledge of threat intelligence and IOCs
- Understanding of common adversary tactics and procedures
All Content
Doom
The organization suddenly discovered that critical files across system devices were encrypted, with ransom notes found on affected machines, indicating a ransomware attack. The encryption impacted the Domain Controller, file servers, and multiple workstations simultaneously across the entire domain.
Double Dragon
On August 25, 2025, CoreTech's SOC spotted unusual activity on a workstation, hinting at a breach. Suspicious processes and network activity spread to critical servers, threatening data and systems.
GoldenSpray
As a cybersecurity analyst at SecureTech Industries, you've been alerted to unusual login attempts and unauthorized access within the company's network. Initial indicators suggest a potential brute-force attack on user accounts.
Ignoble Scorpius
Your organization has fallen victim to a sophisticated ransomware attack attributed to the financially motivated threat actor group Ignoble Scorpius.
Latrodectus LunarSpider
On October 16, 2025, CorpLocal's security team spotted a single workstation acting up, followed by a ransom note and proof of massive data theft.
Nitrogen
On September 10, 2025, trustwave.lab's SOC team identified suspicious activity originating from a user workstation.
RansomHub
On October 19, 2025, the SOC team detected anomalous RDP authentication patterns on a public-facing workstation, including hundreds of failed login attempts followed by successful authentications from an unknown external IP address.
Revil
You are a Threat Hunter working for a cybersecurity consulting firm. One of your clients has recently been affected by a ransomware attack that encrypted multiple employee machines.
ShadowRoast
As a cybersecurity analyst at TechSecure Corp, you have been alerted to unusual activities within the company's Active Directory environment.