Research Lab

Learning the Details of Attacks

Research a real-world cyber attack and document the technical details, IOCs, and lessons learned.

Duration: 45-60 minutes | Type: OSINT Research | Difficulty: Intermediate

Learning Objectives

Part 1: Select an Attack to Research

Choose one of the following well-documented cyber attacks to research. These attacks have extensive public documentation available.

SolarWinds Supply Chain Attack (2020)

Nation-state supply chain compromise affecting 18,000+ organizations via a trojanized Orion update.

CVE-2020-10148

Log4Shell (2021)

Critical RCE vulnerability in Apache Log4j affecting millions of Java applications worldwide.

CVE-2021-44228

Colonial Pipeline Ransomware (2021)

DarkSide ransomware attack that shut down a major US fuel pipeline.

Ransomware

NotPetya (2017)

Destructive wiper malware disguised as ransomware, causing $10B+ in global damages.

CVE-2017-0144

Microsoft Exchange (Hafnium) (2021)

Zero-day exploitation of Exchange Server vulnerabilities affecting 250,000+ servers.

CVE-2021-26855

Custom Selection

Research a different documented attack of your choice (must have public IOCs available).

Your Choice

Part 2: Research Resources

Use these trusted sources to gather information about your selected attack:

Part 3: Document Your Research

Attack Research Report

Type | Value | Context


Research Complete!

You've successfully documented your attack research. This skill is essential for threat intelligence and incident response.
