Ulysses

Ulysses is a blue team lab in the Endpoint Forensics category that covers the following subjects: VS Code, Autopsy, Volatility, FTK Imager, 010 Editor, Initial Access, Execution, Persistence, Privilege Escalation, Command and Control, Exfiltration, Impact.

Learning Objectives

Analyze Linux system artifacts, including memory dumps and logs, with Volatility and FTK Imager to reconstruct an attack and identify IOCs.

Categories: Endpoint Forensics.

MITRE ATT&CK Tactics: Initial Access, Execution, Persistence, Privilege Escalation, Command and Control, Exfiltration, Impact.

Tools: Volatility, 010 Editor, Autopsy, FTK Imager, VS Code.

Difficulty: medium.