Threat Hunting Workshop: Hunting for Privilege Escalation

Earn Your Threat Hunting - Privilege Escalation (Level 1) Badge!

You’ve signed up for the workshop, you've studied the data, and you've even gotten your hands dirty. Now is the time to put your knowledge to the ultimate test!

The data you've been provided during the workshop contains several privilege escalation examples that you have had a chance to observe and hunt for. The data also contains another technique that falls under privilege escalation: T1078 (Valid Accounts). Hunt through the data and see if you can find it!

Those who successfully answer the questions will be awarded the Intel 471 Threat Hunting badge for Privilege Escalation (Level 1).

How Do You Claim Your Badge?

The data was already imported into your Elastic instance during setup - all you have to do is begin your hunt!

REMEMBER: You can submit as many times as you like!

The data contains another technique that falls under privilege escalation: T1078 (Valid Accounts). What executable was used?
