Join for Free

thugonomist

Has successfully completed 🎉

PwnedDC Lab

Instructions: Ensure that there are no blockers, such as Adblock extensions, that might prevent the lab from opening in a new tab or affect lab’s functionality. All the lab-related files and tools are on the desktop in 'Start here' directory. Use Win2016x64_14393 profile with volatility2 to analyze the memory dump Scenario: An ActiveDirectory compromise case: adversaries were able to take over the corporate domain controller. As a soc analyst, Investigate the case and reveal the Who, When, What, Where, Why, and How.

Read More
Endpoint Forensics Endpoint Forensics
hard

Jul 18, 2022

Tactics
Initial Access Execution Persistence Privilege Escalation Defense Evasion Discovery Command and Control Impact
Tools
Volatility 2 Volatility 3 Arsenal Image Mounter IDA Capa-Explorer TurnedOnTimesView FullEventLogView MFTECmd USB Forensic Tracker WinDbg Outlook Forensics Wizard FakeNet Oletools Wireshark scdbg Resource Hacker mimikatz Event Log Explorer Registry Explorer String