After breaching a host, threat actors face a choice: quietly establish a backdoor to maintain long-term access, or take immediate action to achieve their objectives. This room covers the second approach and continues your Windows threat detection journey by exploring what typically follows Initial Access, beginning with Discovery and Collection.
Learning Objectives
- Detect common Discovery techniques using Windows Event Log
- Learn how to trace the attack origin by reconstructing a process tree
- Find out what data threat actors look for and how they exfiltrate it
- See how the malicious commands are logged by running them yourself
Prerequisites
- Recall the basics of tactics and Windows logs
- Complete the previous room, Windows Threat Detection 1
- Be ready to continue your Windows threat detection journey
Lab Access
Before moving forward, start the lab by clicking the Start Machine button below. The machine will open in split view and will need about 2 minutes to fully load. In case the machine is not visible, you can click the Show Split View button at the top of the page.
Credentials
Alternatively, you can access the from your own -connected machine with the credentials below:
Let's start!