This exercise is a test of the blue team’s ability to detect adversary activity. Activities will fire across 6 time-based levels and will span the entire MITRE ATT&CK Framework.

Your job is to report which hosts the adversary is acting on and which activities it is carrying out. Will you have enough time to find them all?

Here is a breakdown of what to expect:

Activities will not follow the flow of a typical intrusion. They may begin with Impact, followed by C2, and finally Initial Access.