All courses
Hamburger Icon
  • Labs icon Lab
  • Security
Google Cloud Platform icon
Labs

Endpoint System Logs: Cryptominer Analysis

In this lab, you’ll investigate a host that’s exhibiting signs of being compromised by a Cryptominer. As this lab focuses on a real-world scenario, the Indicators of Compromise (IoCs) that you’ll uncover will be heavily related to a threat actor named Rocke. You’ll investigate a Rocke-like campaign by diving into the Linux Auditing System’s logs. Even better, you’ll learn how to easily parse these logs through osquery!

Get started Contact sales
Google Cloud Platform icon
Labs

Path Info

Rating
(20 reviews)
Level
Clock icon Intermediate
Duration
Clock icon 1h 50m
Published
Clock icon Jan 30, 2025

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.

Table of Contents

  1. Challenge

    Linux Audit Framework: Introduction

    In this challenge, you’ll learn how to threat hunt via the Linux Auditing System.

  2. Challenge

    Linux Audit Framework: Event Searching

    In this challenge, you’ll search for Kernel events related to MITRE’s Initial Access tactic.

  3. Challenge

    osquery: Initial Access Threat Hunting

    In this challenge, you’ll learn about osquery and how to use osquery for threat hunting. In particular, you’ll leverage MITRE’s Initial Access technique to hunt for signs of compromise.

  4. Challenge

    osquery: Persistence Threat Hunting

    In this challenge, you’ll learn about osquery and how to use osquery for threat hunting. In particular, you’ll leverage MITRE’s Persistence technique to hunt for signs of compromise.

  5. Challenge

    The Last Challenge

    This is the last challenge of this lab and your last chance to experience the environment for additional practice. When you click Finish lab, it will close the lab environment window and end this small little world that flittered into existence just for you.

Zach Roof - Labs - Zach R.
Author
Zach Roof

Zach’s curiosity has led him to roles in Software Development, DevOps, and Security. By drawing on these fields, Zach’s goal is to empower learners with a unique, cross-discipline skill set.

What's a lab?

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Provided environment for hands-on practice

We will provide the credentials and environment necessary for you to practice right within your browser.

Guided walkthrough

Follow along with the author’s guided walkthrough and build something new in your provided environment!

Did you know?

On average, you retain 75% more of your learning if you get time for practice.
Ready to get started?
View individual plans View team plans