
Solving the ShadowCitadel Lab Blue team challenge
A host-based forensics walkthrough of the ShadowCitadel challenge: following the attack from a malicious email attachment through a PowerShell downloader and second-stage executable to the C2 beacon IP and persistence mechanisms.








