Introduction

What?

An investigation with Splunk and the Cyber kill chain as framework.

Why?

Stop/defend/prevent against the attack in a better way.

How?

• I am really not batman

• Reconnaissance phase

• Exploitation phase

• Installation phase

• Action on objectives

• Command and control phase

• Weaponisation phase

• Delivery phase