Having fun while learning about and pivoting into the world of DFIR.
by ogmini
Just finished “Incident Response Triage - Mitigation (IR218)” offered by CISA. I talked about these in a previous post and would encourage those eligible to register.
In the course we were given overviews about:
I was only registered as an observer this time for the purposes of the hands-on lab portions. I didn’t get to press the buttons, but was guided through the exercises by one of the instructors.
I thoroughly enjoyed the course even though I was just an observer this time. The course was a good refresher on the various techniques used to gain and maintain persistence on a Windows system, everything from the various registry keys to startup folders. We talked about a few tools such as Autoruns, Trawler, and Velociraptor. The lab/exercise was centered on using Autoruns during an incident response and analyzing what it found. The next lab focused on using PowerShell to perform a similar investigation.
The last section used Volt Typhoon to discuss the various goals for mitigation and tips related to them. In short, you want to:
The instructors utilized kahoot.it as a really fun way to review the material after every section. It was a much better way than listening to a voice giving a summary. The audience definitely seemed to enjoy it, and it brought out the competitive side in everyone. I hope they continue using it.
tags: training