HTB Academy Introduction to Threat Hunting & Hunting With Elastic SOC Job Path

I have been on the skill assessment for Introduction to Threat Hunting & Hunting With Elastic )Mini-Module. I cannot seem to get past the first Hunt.

Hunt 1: Create a KQL query to hunt for ["Lateral Tool Transfer"]( to C:\Users\Public. Enter the content of the field in the document that is related to a transferred tool that starts with "r" as your answer.

I cannot seem to figure out the query to even search for the tools. I have tried to look for transfers and shares, not an option. I then did a file destination, but it cannot find Public. Has anyone done this yet? I would appreciate any assistance anyone can offer.

I am also stuck with this one, did you managed to solve it?

You’re on the right path with the file destination. Check some of the pre-populated queries in Elastic and tweak it to find what you need. It narrows the results down a ton. Hope that helps!