Find the room here: https://tryhackme.com/r/room/threatemulationintro

Task 1 Introduction

Red and Blue Teams are essential in identifying, detecting and addressing vulnerabilities. In a continually evolving threat landscape, security operations centres (SOC) need to reduce the impact of the cyber security skills gap, gain confidence in their ability to prevent a data breach, and get real-world training through experience. This can be facilitated through effective collaboration between the teams while addressing security breaches and during training and emulation practices. Understanding the difference between cyber security simulation and emulation can help you build a more robust threat detection and response program that strengthens security.

Let's get into emulation.

No answer needed

Task 2 What is Threat Emulation?

What can be defined as an intelligence-driven impersonation of real-world attacks?

Threat emulation

What is the exercise of representing adversary functions through predefined and automated attack patterns?

threat simulation

Task 3 Emulation Methodologies

Under TIBER-EU, under which phase would Engagement and Scoping fall?

preparation

What is the library that provides technical emulation tests based on TTPs?

Atomic Red Team

Task 4 Threat Emulation Process I

There's a set of 3 software used by FIN6 & FIN7. Can you identify them? Answers are in alphabetical order, separated by a comma.

adfind, cobalt strike, mimikatz

Which factor will be considered when analysing whether to use existing or custom tools during the emulation?

TTP Complexity

Task 5 Threat Emulation Process II

The emulation plan component determining which activities are to be conducted is known as the?

scope

What is flag one obtained after completing the exercise?

THM{C4RB0N_$P1D3R_1$_F1N7}

What is flag two obtained after completing the exercise?

THM{3$P1ON4G3_F0R_R34P3R}

Task 6 Threat Emulation Process III

Click the View Site button at the top of the task to launch the static site. What is flag three obtained after completing the exercise?

THM{D3F3NC3_1N_3MUL4T10N}

What is flag four obtained after completing the exercise?

THM{S3CUR3_4LL_W3B_4553T5}

Task 7 Conclusion

Power to Threat Emulation.

No answer needed