Formbook

Formbook is a blue team lab in the Endpoint Forensics and Malware Analysis categories. It covers the following tools and ATT&CK tactics: Event Log Explorer, CyberChef, DB Browser for SQLite, Notepad++, PowerShell, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Command and Control.

Learning Objectives

Trace the attack chain from phishing delivery through obfuscated JavaScript, PowerShell loaders, and final payload execution.

Categories: Endpoint Forensics, Malware Analysis.

MITRE ATT&CK Tactics: Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Command and Control.

Tools: Event Log Explorer, CyberChef, DB Browser for SQLite, Notepad++, PowerShell.

Difficulty: hard.