GateBreak is a blue-team lab in the Endpoint Forensics category. It covers the following tools and tactics: Spotlight-Parser, unifiedlog_iterator, FSEParser, ios_apt, plist Editor, CSViewer, Execution, Persistence, Privilege Escalation, Defense Evasion, Collection, Command and Control.
Learning Objectives
Reconstruct a macOS attack timeline by correlating Unified Logs, FSEvents, and browser artifacts using macMRU.py and unifiedlog_iterator to identify initial access, Gatekeeper bypass, and persistence.