APT29 Threat Hunting with Elasticsearch: Ep.5 – LNK File Analysis - Tools?

Question

I was able to complete Ep. 1-4 without much difficulty because I have previous experience with Elasticsearch. But this lab feels like getting pushed into the deep end with no floaties.

Not only is this lab not related at all to Elasticsearch, I don't see any links to the suite of tools that I am supposed to know about (Ghidra, procmon, HxD?) in order to decode and analyze malware. Did I miss the prerequisites for this series?

I am trying to find a path forward. I don't know where to start with this lab. I have been poking around for a while, but it hasn't been productive. Are there supporting labs that I should consider completing first? And if so, can the course material be updated to reflect this?

netcat · Answer

You could do the "PowerShell Basics" and/or the "PowerShell Deobfuscation" series.Or if you want a quick-start just try "strings &lt;filename&gt;" and start to investigate.

Forum Discussion

APT29 Threat Hunting with Elasticsearch: Ep.5 – LNK File Analysis - Tools?

Related Content

Malicious Document Analysis: Dropper Analysis

Help needed for Threat Hunting - Credential Access

FIN7 Threat Hunting with Splunk: Ep.3 – Execution Logs

Help needed for Threat Hunting: Mining Behaviour

Reverse Engineering (Offensive) JavaScript Analysis: JSDetox

Recent Discussions

Events & Breaches: Magecart Skimmer

Jupyter notebook output missing

PowerShell Basics: Demonstrate Your Skills question 11/12

Snort Rules: Ep.5 – Fake Tech Support Popup

WinDbg: Ep.2 – Walking Windows Structures