As a result of a successful domain compromise, a threat actor can proceed with their actual goals - whether it is long-term access for espionage purposes, ransomware deployment and encryption, data theft, or data destruction. In this room, we will review these scenarios from a team perspective and understand why the attacker pursues them and how they can be detected.
Learning Objectives
- Understand how attackers perform post-exploitation activities
- Explore long-term techniques in environments
- Learn how threat actors deploy ransomware in enterprise networks
- Understand how wiping and data destruction techniques are executed
Prerequisites
It is suggested to complete the following rooms first before proceeding:
Lab Access
Before proceeding, start the lab by clicking the Start Machine button below. You will then have access to the Web Interface.
To access , please follow this link: https://LAB_WEB_URL.p.thmlabs.com (opens in new tab). Please wait 4-5 minutes for the instance to launch. Use 's All Time range to search. The indexes where logs are stored for each practical exercise are present in each task.
Let's go!