Injector

Injector is a blue team lab that falls under the Endpoint Forensics category and will cover the following subjects: Registry Explorer, R-Studio, Autopsy, Volatility, FTK Imager, RegRpper, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Discovery.

Learning Objectives

Determine the web server compromise method and attacker actions by analyzing disk images, memory dumps, and registry artifacts using Autopsy, Volatility, and Registry Explorer.

Categories: Endpoint Forensics.

MITRE ATT&CK Tactics: Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Discovery.

Tools: R-Studio, FTK Imager, Autopsy, Volatility, Registry Explorer, RegRpper.

Difficulty: medium.