T1598.002 - Dragonfly

T1598.002 - Dragonfly is a blue team lab in the Endpoint Forensics category that covers the following subjects: CyberChef, Oledump, OutlookSpy, Python, Reconnaissance, Defense Evasion.

Learning Objectives

Analyze a spearphishing email to identify social engineering techniques and extract indicators of compromise from its headers and malicious attachment.

Categories: Endpoint Forensics.

MITRE ATT&CK Tactics: Reconnaissance, Defense Evasion.

Tools: Oledump, OutlookSpy, CyberChef, Python.

Difficulty: easy.