Famous Chollima is a blue team lab that falls under the Endpoint Forensics category and will cover the following subjects: Event Log Explorer, Registry Explorer, MFTECmd, Timeline Explorer, Eric Zimmerman Tools, FTK Imager, Persistence, Privilege Escalation, Defense Evasion, Discovery, Collection, Exfiltration.
Learning Objectives
Correlate forensic artifacts with the Python source code recovered from a disk image to reconstruct a credential-theft attack, identifying its persistence methods and C2 communications.