Today we have a brand new set of labs related to GhostEngine: Analysis
On May 22, 2024, Elastic Security identified an intrusion set containing several malicious modules and vulnerable drivers used to disable endpoint detection and response (EDR) solutions before deploying a crypto miner.
In this lab, you'll analyze the malware used in this operation and learn about what detections can be implemented for malware that disables internal security solutions.
Who's it for?
These labs are focused on upskilling an increasing the defensive capabilities of the following roles:
- SOC Analysts
- Incident Responders
- Threat Hunters
- Malware Analysts
What are the key takeaways?
- Gaining an understanding of how the malware disables anti-virus and endpoint detection solutions
- Analyze the malware to identify indicators of compromise
Cyber Pro licensed users can access the new collection here.
Published 11 months ago
Version 1.0
BenMcCarthy
Immerser
Immerser