MeteorHit - Indra

MeteorHit - Indra is a blue team lab in the Endpoint Forensics category. It covers the following tools and MITRE ATT&CK tactics: Event Log Explorer, Registry Explorer, NTFS Log Tracker, MFTECmd, VirusTotal; Execution, Persistence, Privilege Escalation, Defense Evasion, Discovery, Impact.

Learning Objectives

Reconstruct a wiper malware attack by analyzing registry hives with Registry Explorer, Windows event logs with Event Log Explorer, and NTFS change journal (USN journal, $UsnJrnl:$J) artifacts with NTFS Log Tracker or MFTECmd, then check recovered binaries against VirusTotal.
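To make the USN journal part of that objective concrete, the following is an added example that is not part of the lab and is not code from NTFS Log Tracker or MFTECmd. It parses USN_RECORD_V2 entries from a $J byte stream (the documented 60-byte header followed by a UTF-16LE file name, 8-byte aligned, with zero-filled gaps between records) and flags the overwrite-then-delete sequence a wiper leaves per file. The journal bytes, file names, MFT entry numbers and timestamps are constructed inline for illustration; a real $J would be carved from the image and fed to `parse_usn_records`.

```python
"""Parse USN_RECORD_V2 entries from an NTFS change journal ($UsnJrnl:$J)
and flag the overwrite-then-delete pattern a wiper leaves behind."""
import struct
from datetime import datetime, timedelta, timezone

# USN_RECORD_V2 fixed header (60 bytes): RecordLength, MajorVersion, MinorVersion,
# FileReferenceNumber, ParentFileReferenceNumber, Usn, TimeStamp, Reason, SourceInfo,
# SecurityId, FileAttributes, FileNameLength, FileNameOffset. The name follows.
_HDR = struct.Struct("<IHHQQqqIIIIHH")
_FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

REASONS = {  # subset of the USN_REASON_* flags from winioctl.h
    0x00000001: "DATA_OVERWRITE", 0x00000002: "DATA_EXTEND", 0x00000004: "DATA_TRUNCATION",
    0x00000100: "FILE_CREATE", 0x00000200: "FILE_DELETE", 0x00001000: "RENAME_OLD_NAME",
    0x00002000: "RENAME_NEW_NAME", 0x00008000: "BASIC_INFO_CHANGE", 0x80000000: "CLOSE",
}

def filetime_to_dt(ft):
    """FILETIME (100 ns ticks since 1601-01-01 UTC) to an aware datetime."""
    return _FILETIME_EPOCH + timedelta(microseconds=ft // 10)

def dt_to_filetime(dt):
    """Inverse of filetime_to_dt, done in integer arithmetic to stay exact."""
    td = dt - _FILETIME_EPOCH
    return (td.days * 86400 + td.seconds) * 10_000_000 + td.microseconds * 10

def reason_names(reason):
    return [name for bit, name in sorted(REASONS.items()) if reason & bit]

def parse_usn_records(data):
    """Walk a $J byte string and return one dict per USN_RECORD_V2, skipping zero fill."""
    records, off = [], 0
    while off + _HDR.size <= len(data):
        if data[off:off + 4] == b"\0\0\0\0":      # sparse/zero fill between records
            off += 8
            continue
        (rec_len, major, _minor, frn, parent_frn, usn, ts, reason,
         _src, _sid, attrs, name_len, name_off) = _HDR.unpack_from(data, off)
        if major != 2 or rec_len < _HDR.size or off + rec_len > len(data):
            break                                 # unsupported version or truncated record
        name = data[off + name_off: off + name_off + name_len].decode("utf-16-le")
        records.append({
            "usn": usn, "name": name, "reasons": reason_names(reason),
            "timestamp": filetime_to_dt(ts), "attrs": attrs,
            "mft_entry": frn & 0xFFFFFFFFFFFF, "mft_seq": frn >> 48,  # 48-bit entry, 16-bit seq
            "parent_entry": parent_frn & 0xFFFFFFFFFFFF,
        })
        off += rec_len
    return records

def find_wiped_files(records):
    """Files whose data was overwritten or truncated and later deleted, keyed by MFT reference."""
    seen, hits = {}, []
    for r in sorted(records, key=lambda r: r["usn"]):   # Usn is the record's offset in $J
        key = (r["mft_entry"], r["mft_seq"])
        if "DATA_OVERWRITE" in r["reasons"] or "DATA_TRUNCATION" in r["reasons"]:
            seen.setdefault(key, r["timestamp"])
        if "FILE_DELETE" in r["reasons"] and key in seen:
            hits.append({"name": r["name"], "overwritten": seen[key], "deleted": r["timestamp"]})
    return hits

# --- constructed sample journal (hypothetical data, not taken from the lab image) ---
def _record(entry, seq, usn, when, reason, name):
    name_b = name.encode("utf-16-le")
    rec_len = (_HDR.size + len(name_b) + 7) & ~7     # records are padded to 8 bytes
    buf = bytearray(rec_len)
    _HDR.pack_into(buf, 0, rec_len, 2, 0, (seq << 48) | entry, (1 << 48) | 5,
                   usn, dt_to_filetime(when), reason, 0, 0, 0x20, len(name_b), _HDR.size)
    buf[_HDR.size:_HDR.size + len(name_b)] = name_b
    return bytes(buf)

def build_sample_journal():
    t0 = datetime(2021, 7, 9, 7, 30, tzinfo=timezone.utc)   # arbitrary constructed time
    plan = [  # (mft entry, seq, seconds after t0, reason flags, name)
        (1234, 3, 0, 0x00000001 | 0x80000000, "report.docx"),  # overwritten by the wiper
        (1234, 3, 1, 0x00000200 | 0x80000000, "report.docx"),  # then deleted
        (1235, 1, 2, 0x00000100 | 0x80000000, "notes.txt"),    # ordinary create
        (1235, 1, 3, 0x00000200 | 0x80000000, "notes.txt"),    # ordinary delete, no overwrite
        (1236, 7, 4, 0x00000002 | 0x80000000, "readme.md"),    # appended, never deleted
    ]
    out = bytearray()
    for entry, seq, secs, reason, name in plan:
        out += _record(entry, seq, len(out), t0 + timedelta(seconds=secs), reason, name)
        out += b"\0" * 8                                        # zero fill the parser must skip
    return bytes(out)

SAMPLE_J = build_sample_journal()

if __name__ == "__main__":
    for hit in find_wiped_files(parse_usn_records(SAMPLE_J)):
        print(f"{hit['name']}: overwritten {hit['overwritten']:%H:%M:%S}, "
              f"deleted {hit['deleted']:%H:%M:%S}")
```

Keying on the full file reference (entry plus sequence number) rather than the file name matters: NTFS reuses MFT entries after deletion, and a wiper that renames files before removing them would otherwise split one file's history across two names. Only `report.docx` is reported; a plain create-and-delete and an in-place append are left alone.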

Categories: Endpoint Forensics.

MITRE ATT&CK Tactics: Execution, Persistence, Privilege Escalation, Defense Evasion, Discovery, Impact.

Tools: Registry Explorer, Event Log Explorer, NTFS Log Tracker, MFTECmd, VirusTotal.

Difficulty: medium.