Lab Executions - Splunk
In this section, we will start using our lab to execute test cases and payloads from various C2 frameworks. The detection queries in this version of the section are written for Splunk.
Each section begins with a "Virtual machines to power on" heading; these VMs should be powered on before you start the exercises.
Each section ends with reference links and a mind map for the items covered during the section.
Generally speaking, for any execution involving Windows, the Domain Controller should be powered on first.
For executions involving CERTER, power on the Domain Controller first, followed by CERTER and then any necessary Win11 machines.
For any exercises involving PCAP, make sure that the Malcolm VM/appliance is booted and has fully started before you begin the executions, so that all of the network telemetry is captured where applicable.
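Before running an execution, it is worth confirming in Splunk that every lab source (Domain Controller, CERTER, Win11 hosts, Malcolm) is actually forwarding events, since a Windows event log or network feed that stopped before the test produces a silent gap rather than an error. The following pre-flight search is an added example, not one of the course's own queries; it makes no assumption about the lab's index or sourcetype names, and the 5-minute staleness threshold is an arbitrary choice you should adjust to your forwarder interval.

```spl
| tstats count AS events, latest(_time) AS last_seen
    WHERE index=* earliest=-15m
    BY index, sourcetype, host
| eval age_min=round((now()-last_seen)/60, 1)
| eval status=if(age_min>5, "STALE", "ok")
| table index, sourcetype, host, events, last_seen, age_min, status
| sort status, index, sourcetype, host
```

Run this after the VMs have finished booting and compare the list of hosts and sourcetypes against what the exercise expects. Two caveats: `index=*` only covers non-internal indexes, and a source that has sent nothing in the last 15 minutes will be missing from the output entirely rather than marked STALE, so check for absent rows as well as flagged ones before you fire the payload.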