Hunting Shadows using Defender for Endpoint.

Nived Sawant
9 min read · Oct 5, 2023

Synopsis

In this exercise, we will simulate different adversary techniques using an adversary simulation tool (APT-Simulator) and see how we can spot these activities with Microsoft Defender for Endpoint. In this lab, we also use tools such as Eric Zimmerman’s Timeline Explorer to correlate our findings with Microsoft Defender for Endpoint.

Architecture and requirements:

For this lab, we have the following machines set up:
