DetectLog4j
DetectLog4j is a blue team lab in the Endpoint Forensics category. It covers the following tools: Arsenal Image Mounter, Registry Explorer, RegRipper, Event Log Explorer, dnSpy, CyberChef, FakeNet, VirusTotal, IPLookUp, dissect; and the following MITRE ATT&CK tactics: Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Command and Control, Impact.
Learning Objectives
Synthesize forensic artifacts across registry, logs, and binaries to reconstruct a Log4Shell exploitation attack chain, identifying C2, persistence, and ransomware behavior.
Categories: Endpoint Forensics.
MITRE ATT&CK Tactics: Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Command and Control, Impact.
Tools: Arsenal Image Mounter, Registry Explorer, RegRipper, Event Log Explorer, dnSpy, CyberChef, FakeNet, VirusTotal, IPLookUp, dissect.
Difficulty: medium.