PwnedDC - FIN7
PwnedDC - FIN7 is a blue team lab in the Endpoint Forensics category. It covers the following tools and MITRE ATT&CK tactics: Volatility 2, Volatility 3, Arsenal Image Mounter, IDA, Capa-Explorer, TurnedOnTimesView, FullEventLogView, MFTECmd, USB Forensic Tracker, WinDbg, Outlook Forensics Wizard, FakeNet, Oletools, Wireshark, scdbg, Resource Hacker, mimikatz, Event Log Explorer, Registry Explorer, String, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Discovery, Command and Control, Impact.
Learning Objectives
Learn to investigate a domain controller compromise by analyzing logs, memory, and artifacts to uncover attacker tactics, persistence methods, and the full intrusion timeline.
Categories: Endpoint Forensics.
MITRE ATT&CK Tactics: Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Discovery, Command and Control, Impact.
Tools: Volatility 2, Volatility 3, Arsenal Image Mounter, IDA, Capa-Explorer, TurnedOnTimesView, FullEventLogView, MFTECmd, USB Forensic Tracker, WinDbg, Outlook Forensics Wizard, FakeNet, Oletools, Wireshark, scdbg, Resource Hacker, mimikatz, Event Log Explorer, Registry Explorer, String.
Difficulty: hard.