Attack & Defend Your Lab
Perform a realistic attack using a C2 Framework on your lab VM and investigate it.
Once you have your lab tuned in, we can get to the fun part. Perform attacks and investigate them within your own lab environment! To do so, you can enroll in our FREE C2 Attack & Defend DIY Course!

About this FREE course
You will use the Empire Command and Control (C2) framework to carry out an attack on a Windows target VM. You will then switch from the role of attacker to defender: initial event analysis with Splunk, remote analysis and data collection with Velociraptor, forensic analysis of registry keys, and decoding of obfuscated payloads. This course offers a true “purple team” approach, where you can learn from both the perspective of a red team operator and a blue team investigator.
Course Content
Requirements:
- This course builds on a lab setup, which is documented in our free Build Your Lab series.
- It requires at least one Windows VM and a Kali Linux VM.
- Additionally, you will need a host VM with the following tools installed:
  - Splunk
  - Velociraptor
Lab Architecture
Instructions on how to set up the lab environment are provided in the course.
DFIR Series Road Map:

