- Lab
-
Libraries: If you want this lab, consider one of these libraries.
- Security
Network Analysis with Real Intelligence Threat Analytics (RITA)
In this lab, you investigate suspected command-and-control activity within an enterprise environment using historical network telemetry. You work in an offline analysis environment and use RITA to explore network metadata and identify suspicious communication patterns. Throughout the investigation, you analyze host behavior over time to uncover signs of stealthy persistence and determine whether the activity aligns with adversary command-and-control techniques. In the final phase, you summarize your findings and extract key indicators to support escalation and defensive operations. This lab simulates real-world network threat hunting and post-compromise analysis workflows commonly performed in SOC environments and aligns with adversary behaviors such as: > **T1071.001 – Application Layer Protocol: Web Protocols** > > Identifying command-and-control activity that leverages HTTP and HTTPS to blend into legitimate network traffic. > > **T1041 – Exfiltration Over C2 Channel** > > Detecting low-volume or periodic data transfers associated with beaconing and command-and-control communications. > > **T1001 – Data Obfuscation** > > Identifying encrypted or obfuscated communication patterns designed to evade content inspection and traditional signature-based detection. >
Lab Info
Table of Contents
-
Challenge
Deploy RITA and Prepare Network Data for Analysis
You are investigating suspected command-and-control activity. In this objective, you generate network metadata from packet captures, validate the resulting logs, and import the data into RITA to create analyzable datasets.
-
Challenge
Detect C2 Beaconing Patterns in Web-Based Communications
Analyze prepared RITA datasets to identify hosts exhibiting beaconing behavior by examining connection timing, frequency, and consistency, and determine whether the patterns align with command-and-control activity.
-
Challenge
Identify Obfuscated and Encrypted Command-and-Control Channels
Analyze DNS, SNI, and connection metadata in RITA to identify encrypted or obfuscated communication patterns that may conceal persistent command-and-control activity.
-
Challenge
Generate Threat Intelligence Reports and Indicators of Compromise
Transform RITA analysis results into actionable threat intelligence by extracting indicators, summarizing command-and-control behavior, and producing a structured report suitable for escalation and defensive operations.
About the author
Real skill practice before real-world application
Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.
Learn by doing
Engage hands-on with the tools and technologies you’re learning. You pick the skill, we provide the credentials and environment.
Follow your guide
All labs have detailed instructions and objectives, guiding you through the learning process and ensuring you understand every step.
Turn time into mastery
On average, you retain 75% more of your learning if you take time to practice. Hands-on labs set you up for success to make those skills stick.