LockBit is a blue team lab that falls under the Endpoint Forensics category and will cover the following subjects: Event Log Explorer, Event Viewer, CyberChef, EZ Tools, KAPE, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Lateral Movement, Impact.
Learning Objectives
Reconstruct a multi-system LockBit ransomware attack chain by correlating Windows event logs, registry artifacts, and PowerShell activity to identify TTPs.