A Company Got Hacked Because of an Invoice | TryHackMe Hunt Me 1: Payment Collectors

Video description: A Company Got Hacked Because of an Invoice | TryHackMe Hunt Me 1: Payment Collectors

In this video walkthrough, we covered a threat hunting case study that involved hunting through Windows event logs exported from a machine compromised through a recent phishing email. The hunt started with finding the initial attachment, which was downloaded using Outlook and later extracted. The extracted files contained a payment invoice in PDF format that, when opened, spawned a PowerShell process that downloaded a reverse shell and connected to the attacker's C2 server, from which further commands were launched to enumerate the system and finally to exfiltrate data from a file server using the nslookup tool.
Writeup
https://motasem-notes.net/threat-hunt...
TryHackMe Hunt Me I: Payment Collectors
https://tryhackme.com/module/threat-h...