Andromeda Bot - UNC4210 is a blue team lab that falls under the Endpoint Forensics category and covers the following subjects: Timeline Explorer, MemProcFS, EvtxECmd, VirusTotal, Initial Access, Persistence, Privilege Escalation, Defense Evasion, Lateral Movement, and Command and Control.
Learning Objectives
Analyze memory images and event logs using MemProcFS, EvtxECmd, and Timeline Explorer to identify Andromeda bot IOCs, reconstruct its infection timeline, and attribute it to an APT group.