Red Team Threat Intel | Tryhackme

Aditya Chauhan
2 min read · Sep 19, 2022


THM room: https://tryhackme.com/room/redteamthreatintel

Task 1 Introduction

Q.Read the above and continue to the next task.

Answer: No Answer

Task 2 What is Threat Intelligence

Q.Read the above and continue to the next task.

Answer: No Answer

Task 3 Applying Threat Intel to the Red Team

Q.Read the above and continue to the next task.

Answer: No Answer

Task 4 The TIBER-EU Framework

Q.Read the above and continue to the next task.

Answer: No Answer

Task 5 TTP Mapping

Q.Read the above and use MITRE ATT&CK Navigator to answer the questions below using a Carbanak layer.

Answer: No Answer

Q.How many Command and Control techniques are employed by Carbanak?

Answer: 2

Q.What signed binary did Carbanak use for defense evasion?

Answer: Rundll32

Q.What Initial Access technique is employed by Carbanak?

Answer: Valid Accounts

Task 6 Other Red Team Applications of CTI

Q.Read the above and continue to the next task.

Answer: No Answer

Task 7 Creating a Threat Intel Driven Campaign

Q.Once the chain is complete and you have received the flag, submit it below.

Answer: THM{7HR347_1N73L_12 _4w35om3}

Q.What web shell is APT 41 known to use?

Answer: ASPXSpy

Q.What LOLBAS (Living Off The Land Binaries and Scripts) tool does APT 41 use to aid in file transfers?

Answer: certutil

Q.What tool does APT 41 use to mine and monitor SMS traffic?

Answer: MESSAGETAP

Task 8 Conclusion

Q.Read the above and continue learning!

Answer: No Answer

Aditya Chauhan: ISO 27001 LA | VAPT | Synack Red Teamer | HTB Dante | HTB RASTA | HTB Cybernetics | HTB Offshore | HTB APTLabs | Cyber Security Analyst | Security Researcher