Spooler - APT28

Spooler - APT28 is a blue team lab that falls under the Endpoint Forensics category and will cover the following subjects: DB Browser for SQLite, Registry Explorer, MFTECmd, Timeline Explorer, Eric Zimmerman Tools, VirusTotal, Persistence, Privilege Escalation, Defense Evasion.

Learning Objectives

Hunt browser downloads, MFT records, and Prefetch to unmask the initial dropper and rebuild the attack timeline.
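The first artefact in that objective, browser downloads, is usually a Chromium-style `History` SQLite file that the lab's DB Browser for SQLite opens by hand. The following added example (not part of the lab or its materials) shows the same hunt scripted in Python: it builds a constructed in-memory stand-in for the `downloads` and `downloads_url_chains` tables using the Chromium column names assumed here, converts the WebKit microsecond timestamps to UTC so the entries can be lined up against MFT and Prefetch times, reattaches each file to its full redirect chain, and flags the extensions typically worth checking when looking for an initial dropper. The file names, URLs and times in the sample are invented for the example.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

# Chromium/WebKit timestamps are microseconds since 1601-01-01 00:00:00 UTC,
# not the Unix epoch; getting this right is what makes the timeline line up.
WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Extensions worth a second look when hunting for a dropper (assumed list).
SUSPICIOUS_EXTS = (".exe", ".scr", ".hta", ".lnk", ".js", ".vbs", ".iso", ".zip", ".dll")


def webkit_to_datetime(ts: int) -> datetime:
    """Convert a Chromium timestamp to an aware UTC datetime."""
    return WEBKIT_EPOCH + timedelta(microseconds=ts)


def datetime_to_webkit(dt: datetime) -> int:
    """Inverse of webkit_to_datetime, kept in integers to avoid float rounding."""
    td = dt - WEBKIT_EPOCH
    return (td.days * 86400 + td.seconds) * 1_000_000 + td.microseconds


def build_sample_history() -> sqlite3.Connection:
    """Constructed in-memory stand-in for a Chromium History file.

    Only the columns used below are modelled; the table and column names follow
    the Chromium schema as assumed here. None of this is data from the lab.
    """
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE downloads (
            id INTEGER PRIMARY KEY, target_path TEXT, start_time INTEGER,
            end_time INTEGER, received_bytes INTEGER, total_bytes INTEGER,
            referrer TEXT, mime_type TEXT);
        CREATE TABLE downloads_url_chains (id INTEGER, chain_index INTEGER, url TEXT);
    """)
    t0 = datetime(2024, 3, 5, 9, 14, 22, tzinfo=timezone.utc)
    rows = [  # (id, target_path, start, duration_s, size, referrer, mime) - constructed
        (1, r"C:\Users\analyst\Downloads\quarterly.pdf", t0, 3, 48211,
         "https://example.com/", "application/pdf"),
        (2, r"C:\Users\analyst\Downloads\invoice_2024.zip", t0 + timedelta(minutes=41), 5, 20480,
         "http://example.net/mail", "application/zip"),
        (3, r"C:\Users\analyst\Downloads\setup.exe", t0 + timedelta(minutes=43, seconds=10), 7,
         1_245_184, "", "application/x-msdownload"),
    ]
    for did, path, start, secs, size, referrer, mime in rows:
        conn.execute(
            "INSERT INTO downloads VALUES (?,?,?,?,?,?,?,?)",
            (did, path, datetime_to_webkit(start),
             datetime_to_webkit(start + timedelta(seconds=secs)), size, size, referrer, mime))
    chains = [  # one row per hop; chain_index 0 is the URL the user first hit
        (1, 0, "https://example.com/quarterly.pdf"),
        (2, 0, "http://example.net/track?id=1"),          # redirect hop
        (2, 1, "http://example.net/dl/invoice_2024.zip"),
        (3, 0, "http://example.net/dl/setup.exe"),
    ]
    conn.executemany("INSERT INTO downloads_url_chains VALUES (?,?,?)", chains)
    conn.commit()
    return conn


def list_downloads(conn: sqlite3.Connection) -> list:
    """Return every download, oldest first, with its full URL chain and UTC times."""
    sql = """
        SELECT id, target_path, start_time, end_time, received_bytes,
               total_bytes, referrer, mime_type
        FROM downloads ORDER BY start_time
    """
    out = []
    for did, path, start, end, recv, total, ref, mime in conn.execute(sql):
        chain = [u for (u,) in conn.execute(
            "SELECT url FROM downloads_url_chains WHERE id = ? ORDER BY chain_index", (did,))]
        out.append({
            "id": did, "target_path": path,
            "started": webkit_to_datetime(start), "finished": webkit_to_datetime(end),
            "complete": recv == total, "bytes": recv, "referrer": ref,
            "mime_type": mime, "url_chain": chain,
        })
    return out


def suspicious_downloads(conn: sqlite3.Connection, exts=SUSPICIOUS_EXTS) -> list:
    """Keep only downloads whose target file has an extension from `exts`."""
    return [d for d in list_downloads(conn) if d["target_path"].lower().endswith(exts)]


if __name__ == "__main__":
    conn = build_sample_history()
    for d in suspicious_downloads(conn):
        print(f'{d["started"]:%Y-%m-%d %H:%M:%S} UTC  {d["target_path"]}'
              f'  <- {" -> ".join(d["url_chain"])}')
```

Against a real acquisition, replace `build_sample_history()` with `sqlite3.connect("file:History?mode=ro&immutable=1", uri=True)` on a copy of the profile's `History` file; the `started` values it yields are the ones to carry into Timeline Explorer next to the MFT `$STANDARD_INFORMATION` creation time and the first Prefetch run time of the same file.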

Categories: Endpoint Forensics.

MITRE ATT&CK Tactics: Persistence, Privilege Escalation, Defense Evasion.

Tools: DB Browser for SQLite, Registry Explorer, MFTECmd, Timeline Explorer, Eric Zimmerman Tools, VirusTotal.

Difficulty: hard.