Full-Stack Incident Response

With @sambowne, @djhardb, @KaitlynGuru, and @infosecirvin.

Scoreboard · Submit Flags

Archived Videos

Black Hat Trainings 2021 (First section)
Black Hat Trainings 2021 (Second section)
WASTC FDW Sum 2022

Archived Scores

Black Hat Trainings, 2021 (First section)
Black Hat Trainings, 2021 (Second section)
WASTC FDW Sum 2022
TX WC Sum 2022

Splunk Boss of the SOC

BOTSv1: Threat Hunting with Splunk  325

ATT&CK Matrix v9

Reference: ATT&CK Matrix v9 for Enterprise
ATT 1: ATT&CK Tactics  10
ATT 2: ATT&CK Techniques for Tactics 43, 42, & 1‑3  10
ATT 3: ATT&CK v9 Techniques for Tactics 4-6  10
ATT 4: ATT&CK v9 Techniques for Tactics 7-9  10
ATT 5: ATT&CK v9 Techniques for Tactics 11, 10, and 40  10
ATT 6: ATT&CK v9 Groups  10
ATT 7: ATT&CK v9 Navigator  10

Windows and Linux Machines

IR 100: Windows and Linux Machines20

Threat Intelligence

IR 380: STIX Threat Intelligence35
IR 381: TAXII15
IR 382: Cabby40
IR 383: Squid30

Velociraptor

IR 371: Velociraptor Server on Linux  25
IR 372: Investigating a PUP with Velociraptor  40
IR 373: Investigating a Bot with Velociraptor  50
IR 374: Investigating a Two-Stage RAT with Velociraptor  35
IR 370: Installing Velociraptor on Windows  30

Zeek

IR 350: Zeek Interactive Tutorial  59
IR 351: Installing and Using Zeek  25

Defending Windows

IR 301: Installing Splunk on a Windows Server  15
IR 330: Detecting Ransomware with Splunk and Sysmon  20
IR 303: Capturing RAM from a Process  15
IR 304: VirusTotal & Wireshark  35
IR 305: PacketTotal  45
IR 306: Yara  40
IR 307: Prefetch Forensics  15

ATT 100: Caldera  25
ATT 101: Caldera Operation  15

Defending Linux Servers

ED 200: Google Cloud Linux Server  15
IR 201: Splunk & Suricata  45
IR 202: Metasploit & Drupalgeddon  85
IR 308: osquery  15

Basics

H 101 - 104: Binary Games  40
Linux Unhatched: Free Course  
ICSI | Certified Penetration Tester: Free Course  

Command Line

LJ: Linux Journey  83
B: Bandit Challenges  69
U-Cen and U-Cyb: PowerShell  75

Networking

H 410: Nmap  40
H 420: Wireshark  110
H 430: Scapy  20

Making Your Own Windows VM
Optional

Recommended
    PMA 41: Windows 10 with Analysis Tools
20
Not Recommended
    PMA 40: FLARE-VM
20
Alternative Local System
    H 2: Windows 2016 Server Virtual Machine
15
Best Cloud System
    PMA 60: Windows 10 on Azure Cloud
15
Alternate Cloud System
    PMA 30: Windows 2016 Server on Google Cloud
15

Virtual Machine Resources

Practical Malware Analysis Samples

Hypervisors

VMware Player (for Windows hosts, free)
VMware Fusion (for Mac hosts, 30-day trial)
VirtualBox (free for all platforms)

Posted 6-16-2022