Tax Day - BYOVD

Tax Day - BYOVD is a blue team lab in the Endpoint Forensics category. It covers the following subjects: DB Browser for SQLite, Timeline Explorer, Windows Event Viewer, PECmd, IDA Pro, Resource Development, Persistence, Privilege Escalation, Defense Evasion, Command and Control.

Learning Objectives

Correlate forensic artifacts from event logs, browser history, and prefetch with static analysis using IDA Pro to reconstruct a BYOVD attack chain and defense evasion tactics.

Categories: Endpoint Forensics.

MITRE ATT&CK Tactics: Resource Development, Persistence, Privilege Escalation, Defense Evasion, Command and Control.

Tools: DB Browser for SQLite, Timeline Explorer, Windows Event Viewer, PECmd, IDA Pro.

Difficulty: easy.