YARA Trap

YARA Trap is a blue team lab in the Endpoint Forensics category. It covers the following tools and MITRE ATT&CK tactics: PECmd, BitsParser, CyberChef, CryptnetURLCacheParser, Notepad++, MFTECmd, Timeline Explorer, Registry Explorer, Event Log Explorer (tools); Execution, Persistence, Privilege Escalation, Defense Evasion, Discovery, Command and Control (tactics).

Learning Objectives

Investigate attacker behavior by analyzing Windows artifacts to identify persistence, privilege escalation, and lateral movement using MFTECmd, PECmd, BitsParser, and registry analysis tools.

Categories: Endpoint Forensics.

MITRE ATT&CK Tactics: Execution, Persistence, Privilege Escalation, Defense Evasion, Discovery, Command and Control.

Tools: PECmd, BitsParser, CyberChef, CryptnetURLCacheParser, Notepad++, MFTECmd, Timeline Explorer, Registry Explorer, Event Log Explorer.

Difficulty: hard.