This exercise is a test of the blue team’s ability to detect adversary activity. Activities will fire across 6 time-based levels and will span the entire MITRE ATT&CK Framework.
Your job is to report the hosts and activities upon which the adversary is acting. Will you have enough time to find them all?
Here is a breakdown of what to expect:
Activities will not follow the flow of a typical intrusion. Activities may begin with Impact, followed by C2, followed finally by Initial Access.