TOCTOU - OilRig is a blue team lab in the Endpoint Forensics category. It covers the following subjects: Timeline Explorer, MemProcFS, Volatility 3, Strings, VirusTotal, Execution, Persistence, Privilege Escalation, Defense Evasion.
Learning Objectives
Correlate memory, registry, and filesystem artifacts using Volatility 3, MemProcFS, and Timeline Explorer to reconstruct a multi-stage attack timeline and map attacker TTPs to MITRE ATT&CK.