In this exercise you are responsible for protecting You have always been reactive in investigations after the attack was discovered by customers or other employees. Now you want to be on the offensive and be more proactive and find the attacker as early as possible in the attack kill chain during the setup and weaponization phases.


Look at your own infrastructure and see what is normal or legitimate. You will leverage new threat hunting techniques to identify suspicious or malicious infrastructure used by threat actors.


You will have two objectives to accomplish during this investigation.

Objective 1: Which data set could be helpful in finding malicious infrastructure?

Objective 2: Identify common techniques shared amongst results in order to find more malicious content.


First search: Perform a search for

Step by Step Video