Lockdown is a blue team lab in the Network Forensics category. It covers the following subjects: Wireshark, MemProcFS, Volatility 3, FLOSS/Strings, Threat Intel tools, Execution, Persistence, Privilege Escalation, Defense Evasion, Discovery, Lateral Movement, Command and Control.
Learning Objectives
Reconstruct a multi-stage intrusion by analyzing network traffic, memory, and malware artifacts using Wireshark, Volatility, and VirusTotal, mapping findings to MITRE ATT&CK.