Exfiltration - Registration Page Text

There is an open-source tool that was used to exfiltrate data that we did not discuss. The activity exists in the logs that you have, but here is the question: What port is it reaching out on? And what is the MITRE ATT&CK Technique Number that covers this method?

You've signed up for the workshop, you've studied the data, and you've even gotten your hands dirty. Now is the time to put your knowledge to the ultimate test!

The data you've been provided during the workshop contains several exfiltration examples that you have had a chance to observe and hunt for. However, there also exists ANOTHER form of exfiltration that your instructor touched on. It is up to you to take what you have learnt throughout this workshop and apply it to discover the other exfiltration mechanism, as well as answer some questions.

For those that successfully answer the questions, you will be awarded the Cyborg Security Threat Hunting badge for Exfiltration (Level 1).

How Do You Claim Your Badge?

The data was already imported into your Elastic instance during setup - all you have to do is begin your hunt!


HINT: Remember, whether you attended LIVE or RECORDED sessions, your instructor gave you a hint during the course. Use that hint to begin your hunt!

REMEMBER: You can submit as many times as you like!


Your Threat Hunting Instructor

Lee Archinal

Senior Threat Hunter and Content Developer, Cyborg Security

Lee is a U.S. Army veteran. While enlisted he worked as a network administrator in a wide variety of conditions. Since leaving the military he has been working in the private sector as a threat hunter and incident responder. At Cyborg Security, Lee is responsible for developing cutting edge hunting and detection content for the HUNTER platform.