Hey DDFAN folks, this challenge is hardcoded like Ali Hadi's cases. It is one of the challenges in the 13Cubed Investigation Windows Endpoint course, so the files are restricted to students only.
Many thanks to Richard Davis for letting me post the walkthrough and documentation on the blog.
Scenario:
Cobalt Edge Technologies recently expanded its IT footprint, launching a new email system and website. Employees responded positively, but inexperienced staff failed to keep several applications updated. Shortly after the website went live, a threat actor gained access and began moving laterally within the network. Some unusual activity was noticed, but a full domain compromise occurred before containment began.