Scenario

Your security team must always be up-to-date and aware of the threats targeting organizations in your industry. As you begin your journey as a Threat Intelligence Intern, equipped with some SOC experience, your manager has assigned you a task to test your research skills and how effectively you can leverage the MITRE ATT&CK framework.

* Conduct thorough research on Volt Typhoon.
* Use the MITRE ATT&CK framework to map adversary behavior and tactics into actionable insights.

Impress your manager with your assessment, showcasing your passion for threat intelligence.

https://app.hackthebox.com/sherlocks/ElectricBreeze-1


1- Based on MITRE's sources, since when has Volt Typhoon been active?

2021

We can find the answer in the MITRE introduction.

2- MITRE identifies two OS credential dumping techniques used by Volt Typhoon. One is LSASS Memory access (T1003.001). What is the Attack ID for the other technique?

T1003.003

We go to the TTPs section and use the MITRE ATT&CK Navigator.

3- Which database is targeted by the credential dumping technique mentioned earlier?

Active Directory