WorkFromHome

WorkFromHome is a blue team lab in the Endpoint Forensics category. It exercises the following tools: Event Log Explorer, Event Viewer, DB Browser for SQLite, Registry Explorer, Notepad++, Eric Zimmerman Tools; and covers the following MITRE ATT&CK tactics: Initial Access, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Lateral Movement, Command and Control.

Learning Objectives

Analyze endpoint forensic artifacts (event logs, SQLite databases, and registry hives) to trace an attacker's progression from initial social engineering and remote access through to a "Sticky Keys" privilege escalation.

Categories: Endpoint Forensics.

MITRE ATT&CK Tactics: Initial Access, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Lateral Movement, Command and Control.

Tools: Event Log Explorer, Event Viewer, DB Browser for SQLite, Registry Explorer, Notepad++, Eric Zimmerman Tools.

Difficulty: medium.