Find the room here: https://tryhackme.com/r/room/threatemulationintro
Task 1 Introduction
Red and Blue Teams are both essential to identifying, detecting and addressing vulnerabilities. In a continually evolving threat landscape, security operations centres (SOCs) need to reduce the impact of the cyber security skills gap, gain confidence in their ability to prevent a data breach, and get real-world training through experience. Effective collaboration between the two teams, both while handling security breaches and during training and emulation exercises, makes this possible. Understanding the difference between cyber security simulation and emulation helps you build a more robust threat detection and response programme that strengthens security.
Let's get into emulation.
No answer needed
Task 2 What is Threat Emulation?
What can be defined as an intelligence-driven impersonation of real-world attacks?
Threat emulation
What is the exercise of representing adversary functions through predefined and automated attack patterns?
Threat simulation
Task 3 Emulation Methodologies
Under TIBER-EU, under which phase would Engagement and Scoping fall?
Preparation
What is the library that provides technical emulation tests based on TTPs?
Atomic Red Team
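Atomic Red Team ships one YAML file per ATT&CK technique; each atomic test in that file declares the platforms it supports, its input arguments with defaults, and an executor whose command uses #{argument} placeholders that a runner fills in before execution. The Python below is an added example, not part of this room or of the Atomic Red Team project: it models a constructed technique file as a dictionary (so it runs without a YAML parser) and implements the platform selection and placeholder substitution a runner performs. The technique file, test names, argument names and echo-only commands are constructed stand-ins, not copied from the library; T1087.002 was chosen because AdFind, one of the FIN6/FIN7 tools covered later in the room, is used for domain account discovery.

```python
import re
from typing import Any, Dict, List, Optional

# CONSTRUCTED stand-in for an Atomic Red Team technique file (normally YAML,
# e.g. atomics/T1087.002/T1087.002.yaml). Field names mirror the library's
# schema; the test contents are illustrative and deliberately harmless.
ATOMIC_T1087_002: Dict[str, Any] = {
    "attack_technique": "T1087.002",
    "display_name": "Account Discovery: Domain Account",
    "atomic_tests": [
        {
            "name": "Enumerate domain users (constructed)",
            "supported_platforms": ["windows"],
            "input_arguments": {
                "domain": {
                    "description": "Domain to enumerate",
                    "type": "string",
                    "default": "corp.local",
                },
            },
            "executor": {
                "name": "command_prompt",
                "elevation_required": False,
                "command": "echo would enumerate users in #{domain} with net user /domain",
                "cleanup_command": "echo nothing to clean up for #{domain}",
            },
        },
        {
            "name": "Enumerate local passwd entries (constructed)",
            "supported_platforms": ["linux"],
            "input_arguments": {},
            "executor": {
                "name": "sh",
                "elevation_required": False,
                "command": "echo would run getent passwd",
            },
        },
    ],
}

# Atomic Red Team placeholders look like #{argument_name}.
PLACEHOLDER = re.compile(r"#\{([A-Za-z0-9_]+)\}")


def select_tests(technique: Dict[str, Any], platform: str) -> List[Dict[str, Any]]:
    """Return the atomic tests that declare support for the given platform."""
    return [t for t in technique["atomic_tests"] if platform in t["supported_platforms"]]


def render(test: Dict[str, Any], overrides: Optional[Dict[str, str]] = None) -> Dict[str, Any]:
    """Resolve input arguments (defaults, then overrides) into the executor commands.

    Rejects overrides for arguments the test does not declare, and refuses to
    emit a command that still contains an unresolved placeholder.
    """
    overrides = overrides or {}
    args = {name: spec["default"] for name, spec in test.get("input_arguments", {}).items()}
    unknown = set(overrides) - set(args)
    if unknown:
        raise KeyError(f"unknown input argument(s): {sorted(unknown)}")
    args.update(overrides)

    def substitute(match: "re.Match[str]") -> str:
        name = match.group(1)
        if name not in args:
            raise KeyError(f"unresolved placeholder #{{{name}}}")
        return str(args[name])

    executor = test["executor"]
    cleanup = executor.get("cleanup_command")
    return {
        "name": test.get("name"),
        "executor": executor["name"],
        "elevation_required": bool(executor.get("elevation_required", False)),
        "command": PLACEHOLDER.sub(substitute, executor["command"]),
        "cleanup": PLACEHOLDER.sub(substitute, cleanup) if cleanup else None,
    }


def plan(technique: Dict[str, Any], platform: str) -> List[Dict[str, Any]]:
    """Build the ordered list of commands an emulation run would execute on one platform."""
    return [render(t) for t in select_tests(technique, platform)]


if __name__ == "__main__":
    for step in plan(ATOMIC_T1087_002, "windows"):
        print(f"[{step['executor']}] {step['command']}")
        if step["cleanup"]:
            print(f"[cleanup] {step['cleanup']}")
```

The same selection and substitution is what lets one technique file drive tests on several platforms; a real runner additionally checks prerequisites and elevation before executing the rendered command.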
Task 4 Threat Emulation Process I
There's a set of 3 software used by FIN6 & FIN7. Can you identify them? Answers are in alphabetical order, separated by a comma.
adfind, cobalt strike, mimikatz
Which factor will be considered when analysing whether to use existing or custom tools during the emulation?
TTP Complexity
Task 5 Threat Emulation Process II
The emulation plan component determining which activities are to be conducted is known as the?
Scope
What is flag one obtained after completing the exercise?
THM{C4RB0N_$P1D3R_1$_F1N7}
What is flag two obtained after completing the exercise?
THM{3$P1ON4G3_F0R_R34P3R}
Task 6 Threat Emulation Process III
Click the View Site button at the top of the task to launch the static site. What is flag three obtained after completing the exercise?
THM{D3F3NC3_1N_3MUL4T10N}
What is flag four obtained after completing the exercise?
THM{S3CUR3_4LL_W3B_4553T5}
Task 7 Conclusion
Power to Threat Emulation.
No answer needed