Activity 4: Catch the Hacker

This is a much shorter section, we’re just going to explain the scenario and let you go for free hunting time. You can take however much time you’d like to on this portion, but for live sessions we generally give participants 30-40 minutes before moving on.

  • Be sure you use the SecurityLogs database
  • Submit your answers “Introducing the Hackers” challenge on the Scoreboard

Happy Hunting!

Introducing the Hackers

Now that you’ve completed your initial round of training, you are ready to work your first case in the SOC!

A security researcher tweeted that the domain “immune[.]tech” was being used by hackers. Apparently the hackers are sending credential (logins, passwords, etc) phishing emails from inside this domain.


According to OSINT research your colleagues conducted, this domain may be used as part of a phishing campaign with the following stages:


🎯Key Point – Open Source Intelligence (OSINT): Security researchers and analysts often use free, publicly available data, like Twitter! We call this public data OSINT, and it can be a great way to get investigative leads. Like all public data sources on the internet, you should follow up any OSINT tip with rigorous analysis, rather than blindly trusting the source.