MinerHunt is a blue team lab in the Endpoint Forensics category that covers the following subjects: Event Log Explorer, Timeline Explorer, EvtxECmd, Threat Intel tools, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access.
Learning Objectives
Correlate Windows Event Logs and Sysmon artifacts to reconstruct a SQL Server attack, identifying initial access, multiple persistence techniques, and the attacker's cryptomining objective.