Good morning everyone,
Here is the first lab. The scenario questions can be found here: https://github.com/medmondson44/Threat_Hunting_Labs/blob/main/Lab_1
The KAPE file to parse can be downloaded here: https://drive.google.com/file/d/1ePxTOOi7386mi8S_rj7CdE6nfH_lVy3d/view?usp=sharing
The above Google Drive link contains a KAPE triage file. I suggest downloading it in a VM and using Eric Zimmerman’s KAPE tools, as well as Timeline Explorer or any other tool you would use, to analyze it. I highly suggest downloading the SIFT Workstation from SANS.
Happy Hunting!