IcedID 2 - GOLD CABIN

IcedID 2 - GOLD CABIN is a blue team lab that falls under the Endpoint Forensics category and will cover the following subjects: Event Log Explorer, Timeline Explorer, EvtxECmd, MemProcFS, Volatility 3, Execution, Persistence, Privilege Escalation, Discovery, Lateral Movement, Command and Control.

Learning Objectives

Analyze memory artifacts and trace a ransomware attack's origin, execution, and persistence using forensic tools like Volatility 3 and MemProcFS.

Categories: Endpoint Forensics.

MITRE ATT&CK Tactics: Execution, Persistence, Privilege Escalation, Discovery, Lateral Movement, Command and Control.

Tools: Volatility 3, MemProcFS, Event Log Explorer, EvtxECmd, Timeline Explorer.

Difficulty: medium.