ELPACO-team

ELPACO-team is a blue team lab in the Endpoint Forensics category. It covers the following tools and MITRE ATT&CK tactics: Event Log Explorer, Registry Explorer, NTFS Log Tracker, Timeline Explorer, Volatility 3, Eric Zimmerman Tools, Execution, Persistence, Defense Evasion, Credential Access, Command and Control, Impact.

Learning Objectives

Correlate Sysmon, MFT, and application logs to reconstruct a ransomware attack timeline, identifying persistence, defense evasion, and data exfiltration TTPs.

Categories: Endpoint Forensics.

MITRE ATT&CK Tactics: Execution, Persistence, Defense Evasion, Credential Access, Command and Control, Impact.

Tools: Event Log Explorer, Eric Zimmerman Tools, NTFS Log Tracker, Registry Explorer, Timeline Explorer, Volatility 3.

Difficulty: medium.