ResourcePacks

ResourcePacks is a blue team lab in the Endpoint Forensics category. It covers the following tools and ATT&CK tactics: Event Log Explorer, DB Browser for SQLite, MFTECmd, Timeline Explorer, Notepad++, PECmd, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Discovery, Command and Control.

Learning Objectives

Reconstruct an attack timeline by analyzing forensic artifacts to identify a UAC bypass, WMI persistence, and backdoor user creation techniques.

Categories: Endpoint Forensics.

MITRE ATT&CK Tactics: Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Discovery, Command and Control.

Tools: Notepad++, PECmd, DB Browser for SQLite, Event Log Explorer, MFTECmd, Timeline Explorer.

Difficulty: medium.