Szechuan Sauce

Szechuan Sauce is a blue team lab in the Endpoint Forensics category. It covers the following tools and MITRE ATT&CK tactics: Registry Explorer, Brim, Wireshark, FTK Imager, Volatility 3, Event Log Explorer, ClamAV, Impacket, rifiuti2, hashcat, VirusTotal, Hybrid-analysis, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion.

Learning Objectives

Reconstruct a data exfiltration incident by correlating memory, disk, network, and log artifacts using a suite of forensic tools.

Categories: Endpoint Forensics.

MITRE ATT&CK Tactics: Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion.

Tools: Registry Explorer, Brim, Wireshark, FTK Imager, Volatility 3, Event Log Explorer, ClamAV, Impacket, rifiuti2, hashcat, VirusTotal, Hybrid-analysis.

Difficulty: medium.