Hunter

Hunter is a blue team lab in the Endpoint Forensics category. It covers the following tools and MITRE ATT&CK tactics: AccessData_FTK_Imager, Registry Explorer/RECmd, Reg Ripper "Windows", Reg Ripper "Linux", DCode, ShellBags Explorer, DB Browser for SQLite, WinPrefetchView, JumpList Explorer, 010 Editor, SysTools Outlook PST Viewer 4.5.0.0, Autopsy, HindSight, Arsenal Image Mounter, LinkParser v1.3, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact.

Learning Objectives

Evaluate forensic artifacts from a disk image to confirm unauthorized port scanning and assess user intent for installing illegal applications.

Categories: Endpoint Forensics.

MITRE ATT&CK Tactics: Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact.

Tools: AccessData_FTK_Imager, Registry Explorer/RECmd, Reg Ripper "Windows", Reg Ripper "Linux", DCode, ShellBags Explorer, DB Browser for SQLite, WinPrefetchView, JumpList Explorer, 010 Editor, SysTools Outlook PST Viewer 4.5.0.0, Autopsy, HindSight, Arsenal Image Mounter, LinkParser v1.3.

Difficulty: medium.