Incident investigation and threat hunting using Microsoft Defender XDR

During a recent Red/Blue hands-on lab, I conducted a simulated attack against an isolated AD DS domain controller and a Windows device. The attack used a fileless PowerShell script that performed process injection and SMB reconnaissance; the goal was then to investigate, remediate, and resolve the resulting incident through threat-hunting activity in Microsoft Defender XDR.

Key points:

- Investigating the incident for the simulated attack

- Reviewing generated alerts

- Performing automated and manual investigation and remediation

- Resolving the incident

- Prioritizing incidents

- Managing incidents

- Exploring automated investigation and response with the Action center

- Utilizing advanced hunting techniques

- Receiving expert training on advanced hunting scenarios

To extend the exercise, the unified security operations platform (Microsoft Sentinel, Defender XDR, and Security Copilot) was used for cross-product visibility into the incident and for automatic attack disruption.
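As an added example (not part of the lab materials above), the following Defender XDR advanced hunting query in KQL shows how the stages of the simulated attack could be hunted for together: a PowerShell process launched with an encoded or in-memory download command line, followed within a short window by the same device successfully connecting over SMB (TCP/445) to several hosts, enriched with a count of CreateRemoteThreadApiCall events initiated by PowerShell as a process-injection indicator. Table and column names come from the advanced hunting schema; the keyword list, the 30-minute window, the five-target threshold, and the 7-day lookback are assumptions for illustration and should be tuned to the environment.

```kql
// Added hunting example, not the lab's own query.
// Assumptions: keyword list, time window, target threshold and lookback are illustrative.
let lookback = 7d;
let window = 30m;
// Stage 1: PowerShell started with an encoded or download-cradle command line
let suspiciousPS =
    DeviceProcessEvents
    | where Timestamp > ago(lookback)
    | where FileName in~ ("powershell.exe", "pwsh.exe")
    | where ProcessCommandLine has_any ("-enc", "-EncodedCommand", "IEX", "Invoke-Expression",
                                        "DownloadString", "FromBase64String", "Net.WebClient")
    | project PSTime = Timestamp, DeviceId, DeviceName, AccountName,
              ProcessCommandLine, InitiatingProcessFileName;
// Stage 2: SMB fan-out from the same device (recon of other hosts on 445)
let smbRecon =
    DeviceNetworkEvents
    | where Timestamp > ago(lookback)
    | where RemotePort == 445 and ActionType == "ConnectionSuccess"
    | summarize SmbTargets = dcount(RemoteIP),
                FirstSmb = min(Timestamp),
                LastSmb = max(Timestamp)
              by DeviceId, bin(Timestamp, window)
    | where SmbTargets >= 5          // assumption: five distinct targets in one window
    | project DeviceId, SmbTargets, FirstSmb, LastSmb;
// Injection indicator: remote threads created by a PowerShell process
// (assumption: FileName here is the target process of the remote thread)
let injection =
    DeviceEvents
    | where Timestamp > ago(lookback)
    | where ActionType == "CreateRemoteThreadApiCall"
    | where InitiatingProcessFileName in~ ("powershell.exe", "pwsh.exe")
    | summarize InjectionEvents = count(),
                InjectionTargets = make_set(FileName, 10)
              by DeviceId;
// Correlate: SMB recon must start within the window after the PowerShell launch
suspiciousPS
| join kind=inner smbRecon on DeviceId
| where FirstSmb between (PSTime .. PSTime + window)
| join kind=leftouter injection on DeviceId
| project PSTime, DeviceName, AccountName, InitiatingProcessFileName, ProcessCommandLine,
          SmbTargets, FirstSmb, LastSmb, InjectionEvents, InjectionTargets
| order by PSTime desc
```

Run the query in the Advanced hunting page of the Defender portal; each row is a device where the two stages occurred in sequence, and a non-empty InjectionTargets column points to the process that PowerShell injected into, which is the next pivot for the manual investigation described above.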

Prerequisites for attending the lecture / required prior knowledge
No prerequisite knowledge is required.