Threat Hunting with Carbon Black EEDR (Phishing turned into ransomware)
1. What is Threat Hunting?
Threat hunting is the proactive search for indicators of compromise (IOCs) across public and private cloud servers, endpoints, and networks that may be symptomatic of a compromise, intrusion, or data exfiltration. Though the concept of threat hunting isn't new, the practice of threat hunting is new for many organizations.
Carbon Black EDR continuously collects comprehensive endpoint data, giving you the information you need to proactively hunt threats, uncover suspicious behavior, disrupt attacks in progress, repair damage quickly, manage vulnerabilities, and address gaps in defenses. It allows you to search through raw, unfiltered endpoint data with a powerful query language, even when the endpoint is offline.
The key difference between threat hunting and incident response is that threat hunting is proactive, whereas incident response is reactive. Great incident responders often make legendary threat hunters because their experience helps them to accurately determine how an attacker will behave and what they might do next.
2. Click GO
To log in to the environment, perform the following steps.
Once the login button is highlighted in blue, click GO! to start the experience.
3. Horizon Login
Use the TestDrive credentials provided in the Login Credentials menu in the top right corner to sign in to VMware Horizon.
- Click the copy icon next to the username to copy it
- Paste it into the Horizon username field by clicking on the field, then pressing CTRL+V (Windows) or Command (⌘)+V (macOS) on your keyboard
- Next, click the copy icon next to the password to copy it
- Paste it into the Horizon password field by clicking on the field, then pressing CTRL+V (Windows) or Command (⌘)+V (macOS) on your keyboard
- Click Login to access the environment
Other pasting options:
- Windows: right-click with your mouse/trackpad and select Paste
- macOS: press and hold the Control key while you click the Horizon username/password field, then select Paste
4. Launch Desktop
Once logged in, search for 'Carbon Black EDR' on the Apps tab and click the Horizon Desktop to launch it in your browser.
6. Access Carbon Black Cloud within TestDrive environment
- Once you have gained access to the TestDrive environment, make sure you are logged into a TestDrive VDI Windows environment
- Your username should be of the form VMWTD\xxxx
- On the desktop you will find files such as Sales Quota Slides, DL-600-R1-2021, Factory Shift work calendar, etc.
- On the desktop, you will also find a text file named ReadMe
- This ReadMe text file contains all the information you need to log into Carbon Black Cloud