CodeFreeze

CodeFreeze is a blue team lab in the Endpoint Forensics category. It covers the following subjects: Event Viewer, CyberChef, Registry Explorer, Timeline Explorer, PECmd, DB Browser for SQLite, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion.

Learning Objectives

Reconstruct the complete attack timeline by analyzing browser history, event logs, registry, and Git artifacts to identify initial access, persistence, and data exfiltration mechanisms.
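The objective above hinges on putting artifacts from different sources onto one clock. Browser history is the awkward one: Chromium stores visit times as microseconds since 1601-01-01 UTC (the WebKit epoch), not Unix time, so it has to be converted before it can be merged with event-log and registry timestamps. The script below is an added example, not part of the lab or its tooling; the History database it opens is a constructed in-memory stand-in containing only the `urls` and `visits` columns the script reads, and the event-log and registry observations are constructed sample records, not output of any real parser.

```python
import sqlite3
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Chromium stores visit_time as microseconds since 1601-01-01 00:00:00 UTC.
WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# Seconds between the WebKit epoch and the Unix epoch (a fixed, known constant).
WEBKIT_TO_UNIX_SECONDS = 11_644_473_600


def from_webkit(us: int) -> datetime:
    """Convert a WebKit/Chromium microsecond timestamp to an aware UTC datetime."""
    return WEBKIT_EPOCH + timedelta(microseconds=us)


def to_webkit(dt: datetime) -> int:
    """Inverse of from_webkit; used here only to build the sample database."""
    delta = dt.astimezone(timezone.utc) - WEBKIT_EPOCH
    return (delta.days * 86_400 + delta.seconds) * 1_000_000 + delta.microseconds


@dataclass(order=True)
class TimelineEvent:
    ts: datetime      # always timezone-aware UTC so sources compare correctly
    source: str       # "browser", "eventlog", "registry", ...
    detail: str


def build_sample_history() -> sqlite3.Connection:
    """Constructed stand-in for a Chromium History file.

    Only the columns this script reads are created; a real History database has
    many more. For a real case, open the copied file with sqlite3.connect(path).
    """
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE urls   (id INTEGER PRIMARY KEY, url TEXT, title TEXT);
        CREATE TABLE visits (id INTEGER PRIMARY KEY, url INTEGER, visit_time INTEGER);
        """
    )
    base = datetime(2024, 1, 15, 9, 0, tzinfo=timezone.utc)   # constructed
    conn.executemany("INSERT INTO urls VALUES (?, ?, ?)", [
        (1, "https://example.invalid/search?q=dev+tools", "search"),
        (2, "https://example.invalid/downloads/setup.zip", "setup.zip"),
    ])
    conn.executemany("INSERT INTO visits VALUES (?, ?, ?)", [
        (1, 1, to_webkit(base)),
        (2, 2, to_webkit(base + timedelta(minutes=3))),
    ])
    conn.commit()
    return conn


def browser_events(conn: sqlite3.Connection) -> list[TimelineEvent]:
    """Read visits joined to their URLs and normalise the timestamps."""
    rows = conn.execute(
        "SELECT v.visit_time, u.url FROM visits v JOIN urls u ON u.id = v.url"
    )
    return [TimelineEvent(from_webkit(t), "browser", url) for t, url in rows]


def sample_host_events() -> list[TimelineEvent]:
    """Constructed event-log and registry observations, already in UTC."""
    base = datetime(2024, 1, 15, 9, 0, tzinfo=timezone.utc)
    return [
        TimelineEvent(base + timedelta(minutes=5), "eventlog",
                      "Security 4688: process created from the user's Downloads folder"),
        TimelineEvent(base + timedelta(minutes=6), "registry",
                      "HKCU Run key value added (key last-write time)"),
        TimelineEvent(base + timedelta(minutes=1), "eventlog",
                      "Security 4624: interactive logon"),
    ]


def build_timeline(events: list[TimelineEvent]) -> list[TimelineEvent]:
    """Merge observations from every source into one chronological list."""
    return sorted(events)


def render(timeline: list[TimelineEvent]) -> list[str]:
    return [f"{e.ts.isoformat()} {e.source:9} {e.detail}" for e in timeline]


if __name__ == "__main__":
    conn = build_sample_history()
    for line in render(build_timeline(browser_events(conn) + sample_host_events())):
        print(line)
```

Once every source is an aware UTC datetime, a plain sort gives the merged timeline, and the download-then-process-creation-then-Run-key sequence that the lab asks you to reconstruct reads directly off the output. On a real case, point `sqlite3.connect` at a copy of the History file (not the live one, which the browser holds locked), and convert event-log and registry times to UTC the same way before merging.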

Categories: Endpoint Forensics.

MITRE ATT&CK Tactics: Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion.

Tools: Event Viewer, CyberChef, Registry Explorer, Timeline Explorer, PECmd, DB Browser for SQLite.

Difficulty: Medium.