Forum Discussion

bf7750
17 days ago

APT29 Threat Hunting with Elasticsearch: Ep.5 – LNK File Analysis - Tools?

I was able to complete Ep. 1-4 without much difficulty because I have previous experience with Elasticsearch. But this lab feels like getting pushed into the deep end with no floaties. 

Not only is this lab not related at all to Elasticsearch, I don't see any links to the suite of tools that I am supposed to know about (Ghidra, procmon, HxD?) in order to decode and analyze malware. Did I miss the prerequisites for this series?

I am trying to find a path forward. I don't know where to start with this lab. I have been poking around for a while, but it hasn't been productive. Are there supporting labs that I should consider completing first? And if so, can the course material be updated to reflect this?

  • You could do the "PowerShell Basics" and/or the "PowerShell Deobfuscation" series.
    Or if you want a quick-start just try "strings <filename>" and start to investigate.

  • Hello, 

    It is quite tricky getting started with this one because of the little information you're given. HxD is a good place to start, and with a little knowledge of how to decode popular encoding methods in the CLI you should be able to figure it out!
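A quick-start in the spirit of both replies (the `strings` hint and decoding common encodings in the CLI), added here as an example and not code from the thread or the course: it scans a byte blob for ASCII and UTF-16LE runs (the way `strings -e l` would, since .lnk fields are wide strings) and then tries base64 on any long token it finds. The `SAMPLE` bytes are constructed for the demo and are not the lab file.

```python
"""Tiny strings-style scanner plus base64 triage for an .lnk-like blob.

Added example, not part of the forum thread. SAMPLE is constructed
here to resemble an .lnk file with an embedded encoded string.
"""
import base64
import re

# Constructed sample: a header-like field, a UTF-16LE path (as .lnk files
# store them), some binary padding, and a base64 token of UTF-16LE text.
SAMPLE = (
    b"\x4c\x00\x00\x00"
    + "C:\\Windows\\notepad.exe".encode("utf-16-le")
    + b"\x00\x01\x02"
    + b"-enc " + base64.b64encode("hello lab".encode("utf-16-le"))
    + b"\xff\xfe"
)

B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


def extract_strings(data: bytes, min_len: int = 4) -> list[str]:
    """Return printable ASCII runs and UTF-16LE runs of at least min_len chars."""
    ascii_runs = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)
    wide_runs = re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data)
    found = [r.decode("ascii") for r in ascii_runs]
    found += [r.decode("utf-16-le") for r in wide_runs]
    return found


def decode_candidates(strings: list[str]) -> list[tuple[str, str]]:
    """Base64-decode long tokens; treat wide (every odd byte 0x00) output as UTF-16LE."""
    results = []
    for s in strings:
        for token in B64_TOKEN.findall(s):
            try:
                raw = base64.b64decode(token, validate=True)
            except ValueError:  # binascii.Error is a ValueError subclass
                continue
            if len(raw) % 2 == 0 and all(b == 0 for b in raw[1::2]):
                text = raw.decode("utf-16-le", errors="replace")
            else:
                text = raw.decode("utf-8", errors="replace")
            results.append((token, text))
    return results


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    found = extract_strings(data)
    print("\n".join(found))
    for token, text in decode_candidates(found):
        print(f"{token[:20]}... -> {text!r}")
```

Run it with a file path to scan a real sample instead of the built-in bytes; the UTF-16LE check matters because encoded PowerShell strings are wide, so a plain UTF-8 decode shows them as nulls between letters.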