NetX-Support - TA569

NetX-Support - TA569 is a blue team lab in the Endpoint Forensics category. It covers the following subjects: Event Log Explorer, Registry Explorer, NTFS Log Tracker, Timeline Explorer, Eric Zimmerman Tools, FTK Imager, Chainsaw, Initial Access, Execution, Persistence, Privilege Escalation, Lateral Movement, Command and Control.

Learning Objectives

Analyze browser, filesystem, and event artifacts to reconstruct the attack chain, identify the malicious download source, extract second-stage and C2 indicators, and determine persistence, account creation, and lateral movement.

Categories: Endpoint Forensics.

MITRE ATT&CK Tactics: Initial Access, Execution, Persistence, Privilege Escalation, Lateral Movement, Command and Control.

Tools: Event Log Explorer, Registry Explorer, NTFS Log Tracker, Timeline Explorer, Eric Zimmerman Tools, FTK Imager, Chainsaw.

Difficulty: medium.