Hunting an APT with Splunk: Initial Access (BOTS v2)

Two hypothesis-driven threat hunts against the Splunk BOTS v2 dataset tracing a spearphishing campaign from email delivery through malicious file execution, uncovering a two-wave attack that evaded detection on the second attempt.

Apr 3, 2026 Splunk, BOTSv2

Hunting an APT with Splunk: Reconnaissance (BOTS v2)

A walkthrough of two hypothesis-driven threat hunts against the Splunk BOTS v2 dataset, uncovering North Korean reconnaissance activity against a fictional brewing company using user agent string analysis and open-source intelligence.

Apr 2, 2026 Splunk, BOTSv2

CyberDefenders: AzurePot Lab

CyberDefenders: AzurePot Lab Overview In this lab, I will analyze a compromised Ubuntu Linux honeypot that was deployed on Microsoft Azure in October 2021. The honeypot was specifically designed ...

Jan 26, 2026 CyberDefenders, Endpoint Forensics

CyberDefenders: BlueSky Lab

CyberDefenders: BlueSky Lab Overview This lab walkthrough provides an in-depth investigation into a ransomware attack leveraging the BlueSky ransomware family. The exercise is designed to help cy...

Jan 25, 2026 CyberDefenders, Network Forensics

CyberDefenders: LGDroid Lab

CyberDefenders: LGDroid Lab Overview The LGDroid Lab challenges you to step into the role of a SOC analyst tasked with investigating a disk dump from an Android mobile device. This scenario simul...

Dec 7, 2025 CyberDefenders, Endpoint Forensics

CyberDefenders: Ulysses Lab

CyberDefenders: Ulysses Lab Overview The Ulysses Lab presents a scenario where a Linux server has been compromised, and it is your responsibility as a security analyst to investigate the incident...

Dec 4, 2025 CyberDefenders, Endpoint Forensics

CyberDefenders: Brave Lab

CyberDefenders: Brave Lab Overview Memory forensics is a vital component of modern digital investigations, providing access to volatile data that reveals a system’s live state at the moment it wa...

Dec 2, 2025 CyberDefenders, Endpoint Forensics

CyberDefenders: Silent Breach Lab

CyberDefenders: Silent Breach Lab Overview In this engaging scenario, the Impossible Missions Force (IMF) has fallen victim to a sophisticated cyber attack that has compromised sensitive intellig...

Nov 30, 2025 CyberDefenders, Endpoint Forensics

CyberDefenders: Reveal Lab

CyberDefenders: Reveal Lab Overview Today, I will be doing a walkthrough of an endpoint forensics lab on the platform CyberDefenders. As an incident responder, my main objective is to understand ...