CorporateSecrets

CorporateSecrets is a blue team lab in the Endpoint Forensics category. It covers the following tools: Event Log Explorer, DB Browser for SQLite, Registry Explorer, HxD, FTK Imager, RegRipper, HindSight, and MFTDump. It covers the following tactics: Execution, Defense Evasion, Credential Access, Discovery, and Collection.

Learning Objectives

Evaluate a Windows disk image by correlating registry, event log, browser, and MFT artifacts to reconstruct evidence of corporate secret exfiltration.

Categories: Endpoint Forensics.

MITRE ATT&CK Tactics: Execution, Defense Evasion, Credential Access, Discovery, Collection.

Tools: FTK Imager, Registry Explorer, RegRipper, HxD, DB Browser for SQLite, HindSight, Event Log Explorer, MFTDump.

Difficulty: medium.