Course curriculum

    1. Welcome

    2. Download Cyber Triage

    3. Download the Case File

    4. Installing Cyber Triage & Loading the Case File

    5. Issues / Problems

    1. Which version of Windows is installed?

    2. Are there any Windows settings that are misconfigured?

    3. Are there any known RCE vulnerabilities in the OS or running applications?

    1. How did the attacker most likely get in?

    2. What is the name of the suspicious binary?

    3. Approximately what date and time was the initial access?

    1. In which directory did the attacker store their tools?

    2. Bonus: Why do attackers frequently use that directory?

    3. Which command and control malware was installed?

    4. Which ransomware was installed?

    1. What is the path and filename of the C2 malware?

    2. What date and time was the C2 malware created on the victim host?

    3. What is the call-back IP address for the C2 malware?

    1. What is the path and filename of the ransomware?

    2. What date and time was the ransomware created on the victim host?

    3. What is the path and filename of the startup item created by WannaCry?

    4. What is the Bitcoin address the ransomers are using?

About this course

  • Free
  • 24 lessons
  • 1 hour of video content