Threat Intelligence with Wireshark
- Esky Man
- Aug 12, 2023
- 1 min read
Updated: Jan 27, 2024
Happy Saturday morning to you, it's 7am and I'm up already after a very heavy week at work, cracking on with some more TryHackMe rooms (gotta keep my streak!!!).
In the new Threat Intelligence and Containment room released this week we are learning more about what threat intel looks like in the real world, and how SOC teams may not always want to lock out a threat actor immediately without understanding their TTPs first. The article explains that it can sometimes be a game of cat and mouse once a malicious actor is found inside your network... a sharp, sudden lockdown can force a hacker to navigate to other areas of the network or make them behave in a way we would not anticipate.
In the practical lesson I am using a Wireshark packet capture to analyse a suspicious download on a victim's machine and investigate the source IP address:
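The triage the room walks through in the Wireshark GUI (filter on HTTP, follow the stream, read off the server address) can also be done programmatically. Below is an added example of mine, not code from the post or from TryHackMe: a stdlib-only pcap reader that walks Ethernet/IPv4/TCP frames, pairs each HTTP request with its response on the same four-tuple, and reports the server IP behind any response that delivers an executable (an `MZ` header or an `application/octet-stream` content type). The capture is constructed inline with documentation-range addresses (`10.0.0.5`, `198.51.100.7`, `203.0.113.10`) and made-up hostnames; none of them come from the room.

```python
"""Triage a pcap for suspicious executable downloads (added example, stdlib only).

The capture bytes below are constructed for this example; addresses are
documentation ranges and the hostnames are placeholders, not real hosts.
"""
from __future__ import annotations

import ipaddress
import struct
from typing import Iterator


def _tcp_frame(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Build an Ethernet/IPv4/TCP frame. Checksums are left at zero; the
    parser ignores them, much as a capture taken on a host with checksum
    offload would show them as wrong anyway."""
    eth = b"\x00" * 12 + b"\x08\x00"                      # dst MAC, src MAC, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0x4000, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return eth + ip + tcp + payload


def build_sample_pcap() -> bytes:
    """Constructed capture: one benign HTML fetch and one executable download."""
    frames = [
        _tcp_frame("10.0.0.5", "198.51.100.7", 49100, 80,
                   b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
        _tcp_frame("198.51.100.7", "10.0.0.5", 80, 49100,
                   b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>hi</html>"),
        _tcp_frame("10.0.0.5", "203.0.113.10", 49101, 80,
                   b"GET /update.exe HTTP/1.1\r\nHost: cdn.example.test\r\n\r\n"),
        _tcp_frame("203.0.113.10", "10.0.0.5", 80, 49101,
                   b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\nMZ\x90\x00\x03"),
    ]
    # pcap global header: magic, version 2.4, tz offset, sigfigs, snaplen, LINKTYPE_ETHERNET
    out = bytearray(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame))
        out += frame
    return bytes(out)


def iter_tcp_segments(pcap: bytes) -> Iterator[tuple[str, str, int, int, bytes]]:
    """Yield (src_ip, dst_ip, src_port, dst_port, payload) for each IPv4/TCP
    frame in a little-endian, microsecond-resolution pcap with Ethernet framing."""
    magic, = struct.unpack_from("<I", pcap, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("unsupported pcap magic (expected little-endian, microsecond)")
    link_type, = struct.unpack_from("<I", pcap, 20)
    if link_type != 1:
        raise ValueError("only LINKTYPE_ETHERNET is handled here")
    off = 24
    while off + 16 <= len(pcap):
        _sec, _usec, incl_len, _orig_len = struct.unpack_from("<IIII", pcap, off)
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                                      # not IPv4
        ihl = (frame[14] & 0x0F) * 4
        ip_total = struct.unpack_from("!H", frame, 16)[0]
        if frame[23] != 6:
            continue                                      # not TCP
        src = str(ipaddress.IPv4Address(frame[26:30]))
        dst = str(ipaddress.IPv4Address(frame[30:34]))
        tcp_start = 14 + ihl
        sport, dport = struct.unpack_from("!HH", frame, tcp_start)
        data_off = (frame[tcp_start + 12] >> 4) * 4
        yield src, dst, sport, dport, frame[tcp_start + data_off: 14 + ip_total]


def find_suspicious_downloads(pcap: bytes) -> list[dict]:
    """Pair HTTP requests with responses on the same four-tuple and flag any
    response carrying an executable. Returns one record per finding."""
    requests: dict[tuple, str] = {}
    findings: list[dict] = []
    for src, dst, sport, dport, payload in iter_tcp_segments(pcap):
        if payload[:4] in (b"GET ", b"POST", b"HEAD"):
            requests[(src, dst, sport, dport)] = payload.split(b"\r\n", 1)[0].decode("ascii", "replace")
        elif payload.startswith(b"HTTP/"):
            head, _, body = payload.partition(b"\r\n\r\n")
            has_mz = body.startswith(b"MZ")
            octet = b"content-type: application/octet-stream" in head.lower()
            if has_mz or octet:
                findings.append({
                    "server_ip": src,                     # the host that served the file
                    "victim_ip": dst,
                    # the matching request travelled client->server, so swap the tuple
                    "request": requests.get((dst, src, dport, sport), "<request not captured>"),
                    "reason": "MZ header" if has_mz else "octet-stream content type",
                })
    return findings


if __name__ == "__main__":
    for f in find_suspicious_downloads(build_sample_pcap()):
        print(f"{f['victim_ip']} fetched '{f['request']}' from {f['server_ip']} ({f['reason']})")
```

Run it as-is and it reports the `203.0.113.10` server for the `/update.exe` fetch while leaving the HTML response alone; point `iter_tcp_segments` at the bytes of a real capture (classic little-endian pcap, not pcapng) to triage one from the room. Checking the body for `MZ` as well as the declared content type matters in practice, because a server that wants to look harmless can send an executable with a misleading `Content-Type` header.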