TryHackMe: Atomic Bird Goes Purple #1

TryHackMe: Atomic Bird Goes Purple #1
Author: Mario Martinez Jr. (ku5e / Gary7) | TryHackMe USA Rank #76 | Top 1%
Difficulty: Medium
Topics: Purple Teaming, Threat Emulation, Atomic Red Team, Windows Event Logs, Sysmon, Aurora EDR

Answers are redacted within the narrative to allow you to complete the tasks on your own, but a full table of answers is available at the end of this walkthrough.

This room puts you inside a Purple Team exercise built around the Atomic Red Team project. You emulate real adversary tactics across system discovery, credential capture, file manipulation, clipboard abuse, and system file hijacking, then investigate the artifacts each technique leaves behind. The goal is not just to run attacks but to understand what defenders see when those attacks run. ...

March 8, 2026 · Mario Martinez Jr.

TryHackMe: CALDERA Walkthrough

TryHackMe: CALDERA
Author: Mario Martinez Jr. (ku5e / Gary7) | TryHackMe USA Rank #76 | Top 1%
Difficulty: Medium
Topics: CALDERA Framework, Adversary Emulation, MITRE ATT&CK, Sysmon Log Analysis, Aurora EDR, Autonomous Incident Response, APT41 Threat Emulation

Answers are redacted within the narrative to allow you to complete the tasks on your own, but a full table of answers is available at the end of this walkthrough.

CALDERA is MITRE's open-source adversary emulation framework. This room covers the full pipeline: deploying agents, building adversary profiles, running operations, analyzing detections with Sysmon and Aurora EDR, and executing autonomous incident response. The final task emulates APT41, a threat group attributed to Chinese state-sponsored espionage and financial crime active since 2012. ...

March 8, 2026 · Mario Martinez Jr.