Maromafix Falldown - RansomHub
Maromafix Falldown - RansomHub is a blue team lab in the Threat Hunting and Endpoint Forensics categories. It covers the following subjects: RegRipper, DB Browser for SQLite, CyberChef, dnSpy, ELK, Timeline Explorer, MFTECmd, Detect It Easy, defender-dump.py, CobaltStrikeParser, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Impact.
Learning Objectives
Reconstruct a multi-stage ransomware attack by correlating Windows event logs, disk artifacts, and malware analysis using Elastic, MFTECmd, RegRipper, and dnSpy.
Categories: Threat Hunting, Endpoint Forensics.
MITRE ATT&CK Tactics: Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Impact.
Tools: RegRipper, DB Browser for SQLite, CyberChef, dnSpy, ELK, Timeline Explorer, MFTECmd, Detect It Easy, defender-dump.py, CobaltStrikeParser.
Difficulty: hard.