Threat Hunting with Splunk Part 1 - Website Defacement

The Scenario: Today is Alice’s first day at the Wayne Enterprises Security Operations Center (SOC). Lucius Fox has just dropped a memo from the Gotham City Police Department (GCPD) on her desk. The Intel: Evidence found on Pastebin suggests that www.imreallynotbatman.com—hosted on Wayne Enterprises’ infrastructure—has been compromised by the Po1s0n1vy APT group. Their goal? Defacement and embarrassment. Your mission is to validate the compromise, trace the attack vector, and reconstruct the timeline using Splunk. ...

December 11, 2025 · 1765 words · Jashn W