ITU Led Scenario Based Exercise

APT DFIR & Threat Hunting 
18th January, The Pavilion at Dubai World Trade Centre
14:00 - 16:30

NucleoEnergetix, a company engaged in nuclear science research and technology, has received a report of anomalous activity on its infrastructure. A nation-state threat actor (APT Group X) is targeting the organization, leveraging advanced TTPs to infiltrate it. S-DART (Samurai Detection and Response Team), the team formed by NucleoEnergetix for this purpose, moves quickly to perform a Digital Forensics and Incident Response (DFIR) investigation of the security incident. As a member of S-DART, you will analyze the evidence and discover what happened in the attack on NucleoEnergetix. The attackers have already exfiltrated data and are using their command-and-control (C2) server to control a victim machine inside the organization.

Objectives & Outcomes:

After completing this scenario, you will be able to:

  • Understand the current TTPs (Tactics, Techniques, Procedures) commonly used by APT threat actor groups
  • Understand the characteristics of C2 beacons and the C2 tooling used by APT threat actor groups
  • Know where to look for evidence and artifacts
  • Understand the log analysis process performed during a DFIR investigation
  • Know what kind of valuable information can be gathered from log files
  • Understand an effective and efficient procedure for log analysis, and which clues and keywords indicate intrusion activity
  • Gain familiarity with tools that can be leveraged for log analysis during an investigation

Prerequisites

In order to get full benefit from this scenario, it is suggested that you have competences in the following areas:

  • The central log management system used in this environment is the Elastic Stack. Some experience crafting Kibana filters is useful but not required.
  • Basic understanding of network traffic analysis
  • Basic understanding of Zeek logs
  • Basic understanding of the various Windows event logs (Sysmon, PowerShell, etc.)
  • Basic understanding of DFIR tools and DFIR evidence
  • Participants should bring their own device (laptop) for active participation
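To make the beacon characteristics and Zeek log analysis referred to in the objectives and prerequisites above concrete, here is an added example written for this page (it is not material from the workshop or from NucleoEnergetix). It parses constructed Zeek conn.log rows and flags flows whose connection inter-arrival times are unusually regular, which is the classic fingerprint of a C2 beacon calling home on a fixed sleep. The sample records, the thresholds (min_conns=5, max_cv=0.15) and the function names are assumptions chosen for illustration.

```python
"""Flag beaconing candidates in a Zeek conn.log by inter-arrival regularity."""
import statistics
from collections import defaultdict

# Constructed sample in Zeek's header-driven TSV layout (not a real capture).
# Only a subset of the default conn.log columns is included; because the parser
# reads column names from the #fields line, a full conn.log parses the same way.
# Flow 10.0.0.5 -> 203.0.113.10:443 checks in every ~60 s with small jitter
# (beacon-like); 10.0.0.7 -> 198.51.100.20:80 is irregular (browsing-like);
# 10.0.0.9 -> 203.0.113.10:443 has too few connections to judge.
SAMPLE_CONN_LOG = """\
#separator \\x09
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tinterval\tcount\tcount\tstring
1705000000.000\tCa1\t10.0.0.5\t49152\t203.0.113.10\t443\ttcp\tssl\t0.21\t512\t1024\tSF
1705000005.000\tCb1\t10.0.0.7\t50001\t198.51.100.20\t80\ttcp\thttp\t1.50\t900\t52000\tSF
1705000010.000\tCb2\t10.0.0.7\t50002\t198.51.100.20\t80\ttcp\thttp\t0.40\t300\t8000\tSF
1705000060.120\tCa2\t10.0.0.5\t49153\t203.0.113.10\t443\ttcp\tssl\t0.19\t512\t1030\tSF
1705000119.900\tCa3\t10.0.0.5\t49154\t203.0.113.10\t443\ttcp\tssl\t0.20\t512\t1019\tSF
1705000130.000\tCb3\t10.0.0.7\t50003\t198.51.100.20\t80\ttcp\thttp\t2.10\t1200\t91000\tSF
1705000133.000\tCb4\t10.0.0.7\t50004\t198.51.100.20\t80\ttcp\thttp\t0.30\t250\t4000\tSF
1705000180.300\tCa4\t10.0.0.5\t49155\t203.0.113.10\t443\ttcp\tssl\t0.22\t512\t1027\tSF
1705000200.000\tCc1\t10.0.0.9\t51000\t203.0.113.10\t443\ttcp\tssl\t0.30\t600\t2000\tSF
1705000239.800\tCa5\t10.0.0.5\t49156\t203.0.113.10\t443\ttcp\tssl\t0.18\t512\t1022\tSF
1705000300.100\tCa6\t10.0.0.5\t49157\t203.0.113.10\t443\ttcp\tssl\t0.21\t512\t1025\tSF
1705000260.000\tCc2\t10.0.0.9\t51001\t203.0.113.10\t443\ttcp\tssl\t0.28\t600\t2100\tSF
1705000533.000\tCb5\t10.0.0.7\t50005\t198.51.100.20\t80\ttcp\thttp\t0.90\t700\t30000\tSF
"""


def parse_conn_log(text):
    """Parse Zeek TSV into dicts; column names are taken from the #fields header."""
    fields = None
    records = []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if line.startswith("#"):
            continue  # #separator, #types, #open, #close are metadata
        if fields is None:
            raise ValueError("data row before #fields header")
        rec = dict(zip(fields, line.split("\t")))
        rec["ts"] = float(rec["ts"])
        rec["id.resp_p"] = int(rec["id.resp_p"])
        records.append(rec)
    return records


def flow_stats(records, min_conns=5):
    """Per (orig_h, resp_h, resp_p) flow: connection count, mean gap between
    consecutive connections, and the coefficient of variation (stdev / mean)
    of those gaps. Flows with fewer than min_conns connections are dropped
    because a handful of intervals cannot establish regularity."""
    by_flow = defaultdict(list)
    for r in records:
        by_flow[(r["id.orig_h"], r["id.resp_h"], r["id.resp_p"])].append(r["ts"])
    stats = {}
    for key, stamps in by_flow.items():
        if len(stamps) < min_conns:
            continue
        stamps.sort()  # log order is not guaranteed to be chronological
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mean = statistics.fmean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean > 0 else float("inf")
        stats[key] = {"count": len(stamps), "mean_interval": mean, "cv": cv}
    return stats


def beacon_candidates(records, min_conns=5, max_cv=0.15):
    """Flows whose inter-arrival jitter is small relative to their period,
    most regular first."""
    out = [dict(key=k, **s) for k, s in flow_stats(records, min_conns).items()
           if s["cv"] <= max_cv]
    return sorted(out, key=lambda s: s["cv"])


if __name__ == "__main__":
    for c in beacon_candidates(parse_conn_log(SAMPLE_CONN_LOG)):
        print(f"{c['key']}: {c['count']} conns, period ~{c['mean_interval']:.1f}s, "
              f"cv={c['cv']:.3f}")
```

Two caveats a practitioner should keep in mind: many C2 frameworks add deliberate jitter to their sleep, so max_cv has to be tuned against the environment's own baseline rather than fixed, and a regular interval alone is not proof of compromise (software updaters and monitoring agents beacon too), so a hit is a pivot point for checking the destination, the TLS/HTTP details and the originating process in Sysmon, not a verdict.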

Led By: