VaultBreak

VaultBreak is a blue team lab in the Endpoint Forensics category. It exercises the following tools and MITRE ATT&CK tactics: Event Log Explorer, Event Viewer, CyberChef, MFTECmd, Timeline Explorer, Notepad++, PECmd; Reconnaissance, Execution, Persistence, Privilege Escalation, Defense Evasion, Command and Control.

Learning Objectives

Reconstruct a multi-stage attack by analyzing Sysmon, WMI, and Prefetch logs to identify initial infection, advanced persistence, and C2 communications.
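As an added starting point for this objective (example code, not part of the lab or its solution), the PowerShell below triages an exported Sysmon log for the three artefact types the lab names: WMI persistence (Sysmon event IDs 19, 20 and 21, which record WMI event filters, consumers and filter-to-consumer bindings), processes launched by the WMI provider host (event ID 1 with a WmiPrvSE.exe parent), and the network connections those processes made (event ID 3) as candidate C2. The case path and log file name are assumptions; the PECmd and MFTECmd invocations in the comments use those tools' real -d/-f and --csv switches.

```powershell
# Added example, not VaultBreak lab code. Assumes the Sysmon operational log was
# exported to the path below; adjust for your case directory.
param(
    [string]$SysmonEvtx = 'C:\Cases\VaultBreak\Microsoft-Windows-Sysmon%4Operational.evtx'
)

function Get-SysmonData {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    # Sysmon stores its fields as EventData/Data[@Name]; flatten them into a hashtable
    # so later filters can address ParentImage, ProcessGuid, Query, Consumer, etc. by name.
    $xml = [xml]$Event.ToXml()
    $h = @{}
    foreach ($d in $xml.Event.EventData.Data) { $h[$d.Name] = $d.'#text' }
    $h['TimeCreated'] = $Event.TimeCreated
    $h['EventId']     = $Event.Id
    return $h
}

# 1. WMI persistence: 19 = WmiEventFilter, 20 = WmiEventConsumer, 21 = WmiEventConsumerToFilter.
#    A CommandLineEventConsumer bound to a filter is the classic fileless persistence pattern.
$wmi = Get-WinEvent -FilterHashtable @{ Path = $SysmonEvtx; Id = 19, 20, 21 } -ErrorAction SilentlyContinue |
       ForEach-Object { Get-SysmonData $_ }

$wmi | Select-Object TimeCreated, EventId, Operation, User, Name, Type, Destination, Query, Filter, Consumer |
       Sort-Object TimeCreated | Format-Table -AutoSize

# 2. Processes the WMI provider host spawned (EID 1, ParentImage = WmiPrvSE.exe):
#    this is where a consumer's payload actually executes.
$spawned = Get-WinEvent -FilterHashtable @{ Path = $SysmonEvtx; Id = 1 } -ErrorAction SilentlyContinue |
           ForEach-Object { Get-SysmonData $_ } |
           Where-Object { $_.ParentImage -like '*\WmiPrvSE.exe' }

$spawned | Select-Object TimeCreated, Image, CommandLine, User, ProcessGuid | Format-Table -AutoSize

# 3. Network connections (EID 3) made by those processes, correlated on ProcessGuid
#    (stable across the log, unlike the reusable ProcessId), as candidate C2 traffic.
$guids = @($spawned | ForEach-Object { $_.ProcessGuid })
if ($guids.Count -gt 0) {
    Get-WinEvent -FilterHashtable @{ Path = $SysmonEvtx; Id = 3 } -ErrorAction SilentlyContinue |
        ForEach-Object { Get-SysmonData $_ } |
        Where-Object { $guids -contains $_.ProcessGuid } |
        Select-Object TimeCreated, Image, DestinationIp, DestinationPort, DestinationHostname |
        Format-Table -AutoSize
}

# 4. Execution evidence and file-system timeline for the same window, to load into
#    Timeline Explorer alongside the Sysmon output (Eric Zimmerman tools, run from the case directory):
#    PECmd.exe  -d C:\Cases\VaultBreak\Prefetch --csv C:\Cases\VaultBreak\out
#    MFTECmd.exe -f C:\Cases\VaultBreak\$MFT   --csv C:\Cases\VaultBreak\out
```

Run it against the exported .evtx rather than the live log so the results are reproducible for the report. The ProcessGuid join in step 3 matters because Sysmon's ProcessId is recycled by the OS, so correlating on it can attach an unrelated process's connections to the suspect binary.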

Categories: Endpoint Forensics.

MITRE ATT&CK Tactics: Reconnaissance, Execution, Persistence, Privilege Escalation, Defense Evasion, Command and Control.

Tools: Event Log Explorer, Event Viewer, CyberChef, MFTECmd, Timeline Explorer, Notepad++, PECmd.

Difficulty: medium.