Stolen Time - HiddenTear

Stolen Time - HiddenTear is a blue team lab in the Threat Hunting category. It covers the following tools and MITRE ATT&CK tactics: DB Browser for SQLite, Registry Explorer, Timeline Explorer, Splunk, EZ Tools, VirusTotal, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Exfiltration, Impact.

Learning Objectives

Synthesize and correlate diverse forensic artifacts from multiple systems to reconstruct the complete HiddenTear attack chain and attribute threat actor TTPs.

Categories: Threat Hunting.

MITRE ATT&CK Tactics: Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Exfiltration, Impact.

Tools: DB Browser for SQLite, Registry Explorer, Timeline Explorer, Splunk, EZ Tools, VirusTotal.

Difficulty: medium.