##### Prerequisites:
* [OpenSearch Tutorial](/learn/opensearch-tutorial)
* [Windows Logons](/learn/windows-logons)

In this module we'll take a look at CVE-2022-47966 and discuss how to hunt similar attacks. You will learn:

* how to identify CVE-2022-47966 exploitation
* hunt techniques and considerations for Windows servers with exposed web services
* investigative techniques and considerations for the initial stages of compromise

The events in your SIEM can be found in the following timespan: 24 Jan 2023 - 25 Jan 2023.

There are two index patterns for this module:
* `filebeat-*`
* `winlogbeat-*`

ManageEngine SAML RCE

