TestDrive

Introduction and Accessing the TestDrive


Threat Hunting with Carbon Black EDR (Phishing turned into ransomware)

What is Threat Hunting?

Threat hunting is the proactive search for indicators of compromise (IOCs) across public and private cloud servers, endpoints, and networks that may be symptomatic of a compromise, intrusion, or data exfiltration. Though the concept of threat hunting isn't new, the practice is new to many organizations.

Carbon Black EDR continuously collects comprehensive endpoint data, giving you the information you need to proactively hunt threats, uncover suspicious behavior, disrupt attacks in progress, repair damage quickly, manage vulnerabilities, and address gaps in defenses. It lets you search raw, unfiltered endpoint data with a powerful query language, even when the endpoint is offline.

The key difference between threat hunting and incident response is that threat hunting is proactive, whereas incident response is reactive. Great incident responders often make legendary threat hunters, because their experience helps them accurately anticipate how an attacker will behave and what they might do next.

Access TestDrive LIVE environment

TestDrive Intrinsic Security

In order to complete this walkthrough, please make sure you have the following:

  • A valid account in the VMware TestDrive environment (if you do not have one, sign up here)
  • Outbound communication allowed on TCP and UDP ports 80, 443 and 8443, and, if using PCoIP, on TCP and UDP port 4172, from the computer you are accessing TestDrive from
  • The Horizon Client installed on your machine
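The port requirements above are the usual reason a TestDrive session fails to launch from a locked-down corporate network. The following pre-flight check is an added example (not TestDrive's or VMware's own tooling) that probes outbound TCP reachability to the portal hostname given in this walkthrough on the ports the prerequisites list. It assumes nothing beyond the Python standard library; note that UDP (including UDP 4172 for PCoIP) cannot be verified with a connect probe, so a clean result here only confirms the TCP half of the requirement.

```python
"""Pre-flight egress check for the TestDrive prerequisites (added example, not
TestDrive's own tooling). Hostname and port list come from the walkthrough;
only TCP is probed, because UDP reachability cannot be confirmed by connecting."""
import socket
from typing import Dict, Iterable, List

# Ports from the walkthrough's prerequisites list
TESTDRIVE_TCP_PORTS = (80, 443, 8443)
PCOIP_TCP_PORT = 4172  # only needed when the session uses PCoIP


def check_tcp_ports(host: str, ports: Iterable[int], timeout: float = 3.0) -> Dict[int, bool]:
    """Return {port: reachable} using a TCP connect with a timeout.
    A refused or timed-out connection counts as unreachable, which from a
    workstation usually means an egress firewall or proxy is in the way."""
    results: Dict[int, bool] = {}
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                results[port] = True
        except OSError:
            results[port] = False
    return results


def blocked_ports(results: Dict[int, bool]) -> List[int]:
    """Sorted list of ports that failed the probe, for the firewall request."""
    return sorted(port for port, ok in results.items() if not ok)


def main() -> None:
    host = "portal.vmtestdrive.com"  # from the walkthrough
    ports = TESTDRIVE_TCP_PORTS + (PCOIP_TCP_PORT,)
    results = check_tcp_ports(host, ports)
    for port, ok in results.items():
        print(f"{host}:{port}/tcp -> {'open' if ok else 'BLOCKED'}")
    missing = blocked_ports(results)
    if missing:
        print(f"Outbound TCP to {missing} appears blocked.")
    print("UDP on the same ports (and UDP 4172 for PCoIP) must be confirmed separately.")


if __name__ == "__main__":
    main()
```

Run it from the machine you will launch TestDrive from, not from a server in a different network segment, since the point is to measure that workstation's own egress policy.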

Access the TestDrive portal at portal.vmtestdrive.com; sign in with your TestDrive account email and password.

Navigate to the 'Intrinsic Security' tab to view security related experiences.


Locate the appropriate experience. For this walkthrough it is Threat Hunting with Carbon Black EDR. Once located, click the 'Launch' button.


If prompted again, click the 'Launch via WS1' button.

Log in with your TestDrive username and password. On the next screen, if it is not displayed, search for 'Threat Hunting with Carbon Black EDR' in the search box.

Click to open the VDI desktop via either the Horizon App or the web-based console.

Access Carbon Black Cloud within the TestDrive environment

  1. Gain access to the TestDrive environment as described above
  2. Make sure you are logged into a TestDrive VDI Windows environment
    • Your username should be VMWTD\xxxx
    • On the desktop you will find files such as Sales Quota Slides, DL-600-R1-2021, Factory Shift work calendar, etc.
  3. On the desktop, you will find a text file named ReadMe
  4. This ReadMe text file contains all the information you need to log into Carbon Black Cloud