SpottedInTheWild

SpottedInTheWild is a blue team lab in the Endpoint Forensics category. It covers the following tools: Event Log Explorer, CyberChef, Registry Explorer, NTFS Log Tracker, Strings, Arsenal Image Mounter, SQLite Viewer, and Eric Zimmerman Tools; and the following MITRE ATT&CK tactics: Initial Access, Execution, Defense Evasion, Command and Control, Exfiltration, and Impact.

Learning Objectives

Reconstruct an attack timeline by analyzing disk images, event logs, and malicious scripts to identify initial access, persistence, and data exfiltration techniques.

Categories: Endpoint Forensics.

MITRE ATT&CK Tactics: Initial Access, Execution, Defense Evasion, Command and Control, Exfiltration, Impact.

Tools: Arsenal Image Mounter, SQLite Viewer, Eric Zimmerman Tools, NTFS Log Tracker, Registry Explorer, Event Log Explorer, Strings, CyberChef.

Difficulty: hard.