XMRig

XMRig is a blue team lab in the Endpoint Forensics category. It covers the following tools and ATT&CK tactics: Strings, TestDisk, Linux Command Line Tools, PhotoRec, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Lateral Movement, Collection, Command and Control, Exfiltration.

Learning Objectives

Reconstruct attacker methods on a Linux system by analyzing a disk image, recovering deleted files with PhotoRec, and correlating logs, command history, and configuration files.

Categories: Endpoint Forensics.

MITRE ATT&CK Tactics: Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Lateral Movement, Collection, Command and Control, Exfiltration.

Tools: Linux Command Line Tools, TestDisk, Strings, PhotoRec.

Difficulty: medium.