Retired Blue Team Lab Walkthrough | Divorce Court | Incident Response скачать в хорошем качестве

Retired Blue Team Lab Walkthrough | Divorce Court | Incident Response

Welcome to BTLO Replay, a video series that will take you through retired BTLO labs. Videos are posted every Friday at 6pm BST (UTC+1). This week’s investigation is Divorce Court, a hard difficulty incident response lab. Difficulty: Hard The Divorce Court scenario: One of our senior executives, Lord Admin Clickford III demanded we give him a local admin account on his workstation, since he's "*something of a computer genius*" as he like to say. Regardless, he clicks and opens nearly everything he sees and now we're becoming increasingly concerned about what else he might have done, specially as APT32 has been reported actively targeting our region. Since he's known for following best practices, the wizard has yet again compromised our environment. We've performed a disk and memory acquisition for the workstation and handed off the analysis tasks for this workstation to you to follow up on. Let's find the answers! 0:00 – Introduction 1:47 – Question 1 3:29 – Question 2 7:10 – Question 3 9:14 – Question 4 10:12 – Question 5 21:52 – Question 6 23:18 – Question 7 24:00 – Question 8 29:11 – Question 9 30:54 – Question 10 26:23 – Question 11 43:17 – Question 12 45:27 – Question 13 49:45 – Question 14 52:05 – Question 15 59:15 – Question 16 1:00:45 – Summary -- Powered by global blue team training provider, Security Blue Team, BTLO is a gamified platform for defenders to sharpen their skills during engaging security investigation and challenge scenarios. The BTLO Replay series takes viewers through walkthroughs of retired labs. Visit the BTLO website to take on these challenges for yourself and discover new labs launching regularly. SUBSCRIBE:    / @secblueteam   WEBSITE: https://blueteamlabs.online DISCORD:   / discord   TWITTER:   / bluelabsonline   LINKEDIN:   / blue-team-labs-online   #incidentresponse #blueteam #blueteamlabsonline