- Lab
- Security
![Labs Labs](/etc.clientlibs/ps/clientlibs/clientlib-site/resources/images/labs/lab-icon.png)
Threat Hunting: Network IOCs
In this lab, you will develop essential forensic investigation skills by analyzing network traffic, performing file system forensics, and conducting memory analysis to detect Indicators of Compromise (IOCs). By the end of the session, you will be proficient in identifying malicious activities within network captures, detecting hidden malware and persistence mechanisms in disk images, and uncovering suspicious processes and code injections in memory dumps. These techniques will enhance your ability to anticipate, identify, and respond to security incidents effectively.
![Labs Labs](/etc.clientlibs/ps/clientlibs/clientlib-site/resources/images/labs/lab-icon.png)
Path Info
Table of Contents
-
Challenge
Getting Started in the Lab Environment
Here are the initial instructions and explanation of the lab environment. Read this while your environment is busy creating itself from nothing. Yes, this violates physics; we know. How fun!
-
Challenge
Network Traffic Analysis for Malicious Activity
You will first be guided through the process of analyzing network traffic to identify Indicators of Compromise (IOCs) such as malicious IP addresses, suspicious domains, and URLs. You will learn how to use tools like Wireshark and Tshark to filter, examine, and interpret network traffic data. The focus will be on recognizing and interpreting common attack patterns, such as phishing, command-and-control (C2) communications, and data exfiltration attempts.
-
Challenge
File System Forensics for Malware Detection
In this challenge, you will perform file system forensics on a compromised disk image to identify Indicators of Compromise (IOCs) such as malicious files, suspicious file paths, modified timestamps, and persistence mechanisms. The challenge will focus on using tools like Sleuth Kit to explore the file system, analyze file metadata, and detect hidden malware. You will also learn how to hash files for comparison against known malware signatures and detect tampered files.
-
Challenge
Memory Analysis for Live IOC Detection
To finish off, you will focus on memory forensics, where participants will analyze a captured memory image to identify Indicators of Compromise (IOCs) such as suspicious running processes, injected code, and unauthorized network connections. Participants will use Volatility to explore the memory image, detecting signs of active or past compromise. The challenge will also cover techniques for identifying persistence mechanisms and cross-referencing memory artifacts with known IOCs.
-
Challenge
The Last Challenge
Welcome to the final challenge! This is your last chance to experiment in the environment. Clicking Finish Lab will end this little world that flittered into existence just for you.
What's a lab?
Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.
Provided environment for hands-on practice
We will provide the credentials and environment necessary for you to practice right within your browser.
Guided walkthrough
Follow along with the author’s guided walkthrough and build something new in your provided environment!
Did you know?
On average, you retain 75% more of your learning if you get time for practice.