Blue Team Labs Online — The Report Write-Up [No Answers]
The Report Scenario — You are working in a newly established SOC where there is still a lot of work to do before it is fully functional. As part of gathering intel, you have been assigned to study a threat report released in 2022 and suggest some useful outcomes for your SOC.
A compressed file is supplied containing a PDF document; reading through that report is all that is needed to answer the questions below.
Question 1) Name the supply chain attack related to a Java logging library at the end of 2021 (Format: AttackNickname)
Question 2) Mention the MITRE Technique ID which affected more than 50% of the customers (Format: TXXXX)
Question 3) Submit the names of 2 vulnerabilities belonging to Exchange Servers (Format: VulnNickname, VulnNickname)
Question 4) Submit the CVE of the zero-day vulnerability in a driver which led to RCE and gaining SYSTEM privileges (Format: CVE-XXXX-XXXXX)
Question 5) Mention the 2 adversary groups that leverage SEO to gain initial access (Format: Group1, Group2)
Question 6) In the detection rule, what should be mentioned as parent process if we are looking for execution of malicious js files [Hint: Not CMD] (Format: ParentProcessName.exe)
Question 7) Ransomware gangs started using an affiliate model to gain initial access. Name the precursors used by affiliates of the Conti ransomware group (Format: Affiliate1, Affiliate2, Affiliate3)
Question 8) The main target of coin miners was outdated software. Name the 2 outdated software packages mentioned in the report (Format: Software1, Software2)
Question 9) Name the ransomware group which threatened to conduct DDoS attacks if victims didn't pay the ransom (Format: GroupName)
Question 10) What is the security measure we need to enable for RDP connections in order to safeguard from ransomware attacks? (Format: XXX)
Thank you for reading my story! If you enjoyed it, make sure to follow me for more content like this. Link to Blue Team Labs Online.
Buy Me A Coffee — https://www.buymeacoffee.com/stefanpbargan
My LinkTree — https://linktr.ee/StefanPBargan