RansomHub Leads to Domain Compromise – Private Case #33490
RansomHub Leads to Domain Compromise – Private Case #33490
Difficulty:
Hard
Couldn't load pickup availability
This case is based on a Private Threat Brief. You’ll get to investigate a domain-wide compromise involving a multi-stage intrusion that started with a password spraying attack. The threat actor established persistence, performed reconnaissance, exfiltrated data, and ultimately deployed RansomHub ransomware to disrupt operations.
To read more about DFIR Labs click here.
Important: Choose the Correct License Type
Personal License
For individuals paying out of their own pocket for personal skill development only.
- Self-funded learning
- Personal skill improvement
- No organizational benefit
Enterprise License
Required if any organization benefits from your use, including:
- Company-sponsored training
- Skills used for work purposes
- Educational institutions
- Team learning activities
Important: If your employer is paying for this lab OR if the skills learned will benefit your employer/organization in any way, you must purchase an Enterprise license. This applies even if you're paying personally but using the skills for work.
You will receive an email within 5 minutes of purchase with instructions on how to activate the lab. Buy now, use anytime within the next 3 months. Enjoy!
Disclaimer
All information in the DFIR Labs and analysis of that information shall be treated as TLP:RED. This classification mandates that the information is not shared publicly or privately without explicit permission from The DFIR Report.
The difficulty of each DFIR Lab case is inherently subjective and may vary based on the participant's individual skills and experience.
