Projects
Investigation of a command-and-control (C2) attack that compromised an accounting company through a spoofed email carrying a malicious .doc file. An HTTP connection on port 80 then downloaded a zip file that created startup persistence and initiated base64-encoded C2 communications through a reverse proxy.
Programs and tools used in this investigation:
BRIM (packet analysis), Event Viewer (system events), Timeline Explorer (log analysis), PowerShell, Wireshark (network analyzer), Sysmon viewer (displays logs generated by Sysmon)
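As an added example, not code from the portfolio or from the investigation itself: a small Python triage script that flags the two traffic patterns described above (a zip download over plain HTTP on port 80, and base64-encoded beacon parameters) in constructed sample log lines. The IPs, paths, beacon content and the simple log format are assumptions.

```python
# Added triage example (not from the original page): flag port-80 HTTP requests
# that download a zip file or carry a base64 parameter decoding to readable text,
# the shape of the base64-encoded C2 beaconing described in the investigation.
import base64
import re
from urllib.parse import urlparse

# Constructed beacon content; encoded here so the sample log stays readable.
BEACON = base64.b64encode(b"hostname=ACCT-PC01;user=admin").decode()

# Constructed sample log lines in a simple "src dst:port method uri" form (not real traffic).
SAMPLE_LOG = f"""\
10.0.0.5 203.0.113.10:80 GET /index.html
10.0.0.5 203.0.113.10:80 GET /update.zip
10.0.0.5 203.0.113.10:80 GET /api?d={BEACON}
10.0.0.5 203.0.113.10:80 POST /gate.php?id=abc123
"""

# Standard base64 alphabet, at least 16 chars, optional padding.
B64_RE = re.compile(r"^[A-Za-z0-9+/]{16,}={0,2}$")

def try_b64(value):
    """Return decoded UTF-8 text if value is valid base64 of printable text, else None."""
    if not B64_RE.match(value):
        return None
    try:
        text = base64.b64decode(value, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None

def scan_log(log):
    """Return (reason, line, decoded) tuples for suspicious port-80 requests."""
    hits = []
    for line in log.splitlines():
        src, dst, method, uri = line.split()
        if not dst.endswith(":80"):
            continue  # only plain HTTP on port 80 is in scope here
        url = urlparse(uri)
        if url.path.lower().endswith(".zip"):
            hits.append(("zip download over plain HTTP", line, None))
        # Split the query by hand: parse_qs would turn '+' into spaces and break base64.
        for pair in url.query.split("&"):
            key, _, value = pair.partition("=")
            decoded = try_b64(value)
            if decoded:
                hits.append((f"base64 parameter '{key}' decodes to text", line, decoded))
    return hits

if __name__ == "__main__":
    for reason, line, decoded in scan_log(SAMPLE_LOG):
        print(reason, "|", line, "|", decoded)
```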
Analysis of the RAM image of a compromised Windows server with Volatility. The analysis was performed in a Linux virtual environment to maintain isolation and security. Demonstrated proficient use of Linux tools (grep, strings, etc.) to investigate artifacts, and of Volatility plugins (windows.netstat, windows.netscan, windows.pstree, etc.).
Programs and tools:
Linux, Windows 10, LiME, FTK Imager, Networking, DHCP, IPv4, Volatility, RAM Forensics
Setting up a home lab in VirtualBox requires a combination of technical proficiency, problem-solving, and networking expertise. This project showcases the application of virtualization techniques, operating system configuration, and networking fundamentals to create a fully functional lab environment.
Programs and tools:
VirtualBox, Ubuntu, Windows 10, Networking, DHCP server setup, IPv4 subnet