Silent Miner - DFIR Lab
Something suspicious is happening on this Windows workstation. The system appears mostly idle, yet CPU usage spikes outside business hours. Initial triage found that the system was accessed remotely and used to deploy a cryptocurrency miner while attempting to remain unnoticed.
You have been provided a forensic image of the Windows workstation with Velociraptor preinstalled. Using Velociraptor, perform a digital forensics investigation to reconstruct the attacker’s actions.
Mobile Hacking Conference
This lab was part of the Mobile Hacking Conference talk:
by Andreas van Leeuwen Flamino, and is an introduction to the upcoming Windows DFIR course.
Make sure to watch the recording on YouTube; you will need the context to solve the lab!
Objective
Your goal is to identify the attacker’s actions, persistence mechanisms, and the malicious components involved in the Silent Miner compromise.

Copyright © 2024
Company
Mobile Hacking Lab B.V.
Registration:
97390453
VAT:
NL868032281B01