Trident

Trident is a blue team lab in the Network Forensics category. It covers the following tools: Brim, suricatarunner, NetworkMiner, Wireshark, IDA, MAC address lookup, Outlook, VirusTotal, scdbg, HxD; and the following MITRE ATT&CK tactics: Reconnaissance, Initial Access, Execution, Defense Evasion, Command and Control.

Learning Objectives

Synthesize network, document, and malware forensics findings to reconstruct a multi-stage phishing attack, identifying exploit chains and C2 communication.

Categories: Network Forensics.

MITRE ATT&CK Tactics: Reconnaissance, Initial Access, Execution, Defense Evasion, Command and Control.

Tools: Brim, suricatarunner, NetworkMiner, Wireshark, IDA, MAC address lookup, Outlook, VirusTotal, scdbg, HxD.

Difficulty: medium.