f:["$","$L17",null,{"module":{"slug":"module-20","title":"The Hunter's Capstone","description":"Full-spectrum hunt in a simulated compromised enterprise environment.","order":20,"sections":[{"id":"capstone","title":"Capstone Challenge","type":"content","content":"\n

Enterprise Compromise Hunt

\n You are a threat hunter at a Fortune 500 company. The SOC has detected suspicious activity but cannot determine the scope of the breach.\n

\n Your Mission: Hunt through Windows logs, network traffic, and memory dumps to identify the attack chain, persistence mechanisms, and data exfiltration attempts.\n

\n "},{"id":"final-quiz","title":"Final Assessment","type":"quiz","quizQuestions":[{"id":1,"type":"multiple-choice","question":"What is the first step in the threat hunting loop?","options":["Investigate","Create a hypothesis","Automate","Uncover patterns"],"correct":"Create a hypothesis"},{"id":2,"type":"true-false","question":"Threat hunting is a reactive process.","options":["True","False"],"correct":"False"},{"id":3,"type":"multiple-choice","question":"Which Windows Event ID logs PowerShell script block execution?","options":["4624","4104","4688","4720"],"correct":"4104"},{"id":4,"type":"true-false","question":"Sysmon provides more detailed telemetry than standard Windows logs.","options":["True","False"],"correct":"True"},{"id":5,"type":"multiple-choice","question":"What does YARA do?","options":["Scans network traffic","Identifies malware based on patterns","Encrypts files","Manages user accounts"],"correct":"Identifies malware based on patterns"}]}]},"courseSlug":"advanced-threat-hunting","nextModuleSlug":"$undefined"}]