TomCracked

TomCracked is a blue team lab in the Network Forensics category. It exercises the following tools: Wireshark, NetworkMiner, Zui (Brim Security), CobaltStrikeParser, Python3 and PowerShell, and touches the following MITRE ATT&CK tactics: Reconnaissance, Initial Access, Execution, Persistence, Privilege Escalation, Discovery, Collection, Command and Control, Exfiltration and Impact.

Learning Objectives

Analyze network traffic from a compromised web server to trace a Java deserialization exploit and the subsequent deployment of a Cobalt Strike beacon.
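A practical first step for the objective above is finding the serialized Java object in the capture. Every stream written by Java's ObjectOutputStream begins with the four bytes 0xAC 0xED 0x00 0x05 (STREAM_MAGIC and STREAM_VERSION), and when such a stream is base64-encoded whole it begins with "rO0AB". The Python3 helper below, an added example that is not part of the lab or of any tool the lab uses, scans a reassembled HTTP request for both forms and reports whether the object travelled in the body or in a header such as a cookie. The request samples, host name and URL paths are constructed for illustration and do not come from the lab's capture.

```python
import base64
import re

# Java serialization stream header: STREAM_MAGIC 0xACED followed by STREAM_VERSION 5.
JAVA_SER_MAGIC = b"\xac\xed\x00\x05"
# Base64 of those four bytes starts with "rO0AB" whenever the stream begins on a
# 3-byte boundary of the encoded data, i.e. when a whole stream is encoded.
JAVA_SER_B64_PREFIX = b"rO0AB"
# A run of base64 alphabet characters long enough to hold at least the header.
_B64_RUN = re.compile(rb"[A-Za-z0-9+/]{8,}={0,2}")


def _decodes_to_java_stream(candidate: bytes) -> bool:
    """True if a base64 run decodes to bytes that start with the Java stream magic."""
    usable = candidate[: len(candidate) // 4 * 4]  # b64decode needs whole 4-char groups
    try:
        return base64.b64decode(usable).startswith(JAVA_SER_MAGIC)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False


def find_java_serialized(payload: bytes) -> list:
    """Return sorted (offset, encoding) pairs for each Java serialized stream in payload.

    encoding is "raw" for the bare 0xACED0005 header and "base64" for a base64 run
    (cookie, form field, query parameter) that decodes to such a header.
    """
    hits = [(m.start(), "raw") for m in re.finditer(re.escape(JAVA_SER_MAGIC), payload)]
    for m in _B64_RUN.finditer(payload):
        run = m.group()
        # Cheap prefix check first, then confirm by decoding to avoid false positives
        # on ordinary long tokens in headers or paths.
        if run.startswith(JAVA_SER_B64_PREFIX) and _decodes_to_java_stream(run):
            hits.append((m.start(), "base64"))
    return sorted(hits)


def split_http_request(payload: bytes):
    """Split a reassembled HTTP request into (request_line, headers, body).

    Header names are lower-cased bytes; values keep their bytes with surrounding
    whitespace stripped.
    """
    head, _, body = payload.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def triage_request(payload: bytes) -> list:
    """List (location, offset, encoding) for every serialized stream in one request.

    location is "body" or the lower-cased header name carrying the object.
    """
    _, headers, body = split_http_request(payload)
    found = [("body", off, enc) for off, enc in find_java_serialized(body)]
    for name, value in headers.items():
        found += [(name.decode(), off, enc) for off, enc in find_java_serialized(value)]
    return found


# Constructed samples (not from the lab's capture): a raw serialized object posted
# to a hypothetical servlet, and the same object base64-encoded inside a cookie.
SAMPLE_RAW_POST = (
    b"POST /app/invoker HTTP/1.1\r\n"
    b"Host: web.example\r\n"
    b"Content-Type: application/x-java-serialized-object\r\n\r\n"
    + JAVA_SER_MAGIC + b"sr\x00"
)
SAMPLE_COOKIE = (
    b"GET /app/ HTTP/1.1\r\n"
    b"Host: web.example\r\n"
    b"Cookie: session=" + base64.b64encode(JAVA_SER_MAGIC + b"sr\x00") + b"\r\n\r\n"
)

if __name__ == "__main__":
    for sample in (SAMPLE_RAW_POST, SAMPLE_COOKIE):
        request_line, _, _ = split_http_request(sample)
        print(request_line.decode(), "->", triage_request(sample))
```

The same two indicators translate directly into Wireshark display filters: the raw header is found with a contains filter on the four magic bytes, and the base64 form with a string search for "rO0AB" in HTTP headers or bodies. The base64 check only catches streams encoded from their first byte; an object embedded after other data in the same base64 blob would need the whole blob decoded and searched for the raw magic.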

Categories: Network Forensics.

MITRE ATT&CK Tactics: Reconnaissance, Initial Access, Execution, Persistence, Privilege Escalation, Discovery, Collection, Command and Control, Exfiltration, Impact.

Tools: Wireshark, NetworkMiner, Zui (Brim Security), CobaltStrikeParser, Python3, PowerShell.

Difficulty: hard.