The first workshop of the PurpleLabs series generated a great deal of interest in the scope of detection and threat hunting!
We need to keep learning how adversaries are operating, so after a good introduction to the subject, it’s time for the next step.

During hands-on session #2, Leszek is going to demonstrate how to create and simulate chain attack steps:

• Rundll32 communicating with public IP addresses
• CMSTP Execution
• Mshta executing VBScript
• Disabling Windows Defender / modifying Windows Firewall
• Suspicious non-browser attempts to access suspicious URL
• Suspicious scheduled task creation
• Powershell execution with IP arguments
• Malicious Named Pipe
• Suspicious Linux Reverse Shell Command Line
• Linux kernel space rootkit
• and more

Watch it here:

https://sectrain.hitb.org/courses/leszek-workshop-16-march/