The Resolvn Threat Hunting Virtual Machine (RTHVM) is a training resource used during a 2019 Packet Hacking Village workshop titled Intel-driven Hunts for Nation-state Activity Using Elastic SIEM.
In this workshop, participants analyzed Windows event logs of known malicious activity from various stages of the attack lifecycle. With key indicators identified, participants built Elastic SIEM Timelines for repeatable detection of MITRE ATT&CK techniques.