RepoReaper - Water Curse
RepoReaper - Water Curse is a blue team lab that falls under the Endpoint Forensics category and will cover the following subjects: Event Log Explorer, DB Browser for SQLite, FTK Imager, VirusTotal, Registry Explorer, NTFS Log Tracker, MFTECmd, Timeline Explorer, DCode, PECmd, EZ Tools, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Discovery, Command and Control, Exfiltration.
Learning Objectives
Investigate a disk image to uncover a UAC bypass and process hollowing, and trace the attack back to a compromised software repository.
Categories: Endpoint Forensics.
MITRE ATT&CK Tactics: Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Discovery, Command and Control, Exfiltration.
Tools: Event Log Explorer, DB Browser for SQLite, FTK Imager, VirusTotal, Registry Explorer, NTFS Log Tracker, MFTECmd, Timeline Explorer, DCode, PECmd, EZ Tools.
Difficulty: hard.