Zerologon

Zerologon is a blue team lab in the Endpoint Forensics category. It covers the following subjects: Event Log Explorer, Event Viewer, CyberChef, NTFS Log Tracker, EZ Tools, KAPE, and Lateral Movement.

Learning Objectives

Reconstruct a multi-stage attack by analyzing Windows event logs, USN Journal, and registry artifacts to identify TTPs, C2, and persistence mechanisms.

Categories: Endpoint Forensics.

MITRE ATT&CK Tactics: Lateral Movement.

Tools: EZ Tools, Event Log Explorer, KAPE, Event Viewer, NTFS Log Tracker, CyberChef.

Difficulty: hard.
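The learning objective above asks you to reconstruct a multi-stage attack from Windows event logs and tie logons to persistence. The Python below is an added example of that correlation step; it is not part of the lab and not code from EZ Tools, Event Log Explorer or any other listed tool. It assumes a simplified JSON-lines export with the field names time, host, channel, event_id, logon_type, user, src_ip, service_name and image_path (an assumption; a real EvtxECmd or Event Log Explorer export uses its own column names, so adapt `load_events()` before pointing it at lab data). The sample events, the 120-second correlation window and the host names DC01 and WS07 are all constructed for the example.

```python
"""Correlate Windows event log records into a lateral-movement timeline.

Added example; not part of the Zerologon lab, EZ Tools or Event Log Explorer.
It assumes a simplified JSON-lines export with the field names used below.
Real EvtxECmd / Event Log Explorer exports use their own column names, so
adapt load_events() before running this on lab data.
"""
import json
from collections import defaultdict
from datetime import datetime

# Constructed sample export: a network logon to the DC from 10.0.0.57,
# followed seconds later by a service install on the DC; a normal console
# logon on a workstation; then an RDP logon to that workstation from the
# same source address.
SAMPLE_EVENTS = r"""
{"time":"2020-09-14T10:01:05Z","host":"DC01","channel":"Security","event_id":4624,"logon_type":3,"user":"ADMINISTRATOR","src_ip":"10.0.0.57"}
{"time":"2020-09-14T10:01:07Z","host":"DC01","channel":"Security","event_id":4672,"user":"ADMINISTRATOR"}
{"time":"2020-09-14T10:01:20Z","host":"DC01","channel":"System","event_id":7045,"service_name":"PSEXESVC","image_path":"%SystemRoot%\\PSEXESVC.exe"}
{"time":"2020-09-14T10:03:00Z","host":"WS07","channel":"Security","event_id":4624,"logon_type":2,"user":"jdoe","src_ip":"-"}
{"time":"2020-09-14T10:05:42Z","host":"WS07","channel":"Security","event_id":4624,"logon_type":10,"user":"ADMINISTRATOR","src_ip":"10.0.0.57"}
"""

# Logon types that mean the session originated on another machine.
REMOTE_LOGON_TYPES = {3: "network", 10: "RemoteInteractive (RDP)"}
# Source values that do not indicate a remote origin.
LOCAL_SOURCES = {None, "", "-", "127.0.0.1", "::1"}
# How long after a remote logon a 7045 still counts as related (example value).
WINDOW_SECONDS = 120


def load_events(jsonl_text):
    """Parse one JSON object per line; return dicts sorted oldest first."""
    events = []
    for line in jsonl_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["time"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def remote_logons(events):
    """4624 events with a remote logon type and a non-local source address."""
    return [e for e in events
            if e["event_id"] == 4624
            and e.get("logon_type") in REMOTE_LOGON_TYPES
            and e.get("src_ip") not in LOCAL_SOURCES]


def service_installs(events):
    """7045 (System log): a new service was installed on the host."""
    return [e for e in events if e["event_id"] == 7045]


def correlate_logon_to_service(events, window=WINDOW_SECONDS):
    """Pair each remote logon with 7045 events on the same host inside the window.

    A remote admin logon followed within seconds by a service install is the
    PsExec-style lateral movement pattern; the installed service is also a
    persistence candidate to check against the registry Services key.
    """
    installs_by_host = defaultdict(list)
    for s in service_installs(events):
        installs_by_host[s["host"]].append(s)
    findings = []
    for lg in remote_logons(events):
        for s in installs_by_host[lg["host"]]:
            delta = (s["ts"] - lg["ts"]).total_seconds()
            if 0 <= delta <= window:
                findings.append({
                    "host": lg["host"],
                    "src_ip": lg["src_ip"],
                    "user": lg["user"],
                    "logon_type": lg["logon_type"],
                    "service": s.get("service_name"),
                    "image_path": s.get("image_path"),
                    "seconds_after_logon": delta,
                })
    return findings


def pivot_sources(events):
    """Map each source IP to the hosts it reached remotely, in first-seen order."""
    hosts = defaultdict(list)
    for lg in remote_logons(events):
        if lg["host"] not in hosts[lg["src_ip"]]:
            hosts[lg["src_ip"]].append(lg["host"])
    return dict(hosts)


def timeline(events):
    """Chronological one-line summaries of remote logons and service installs."""
    interesting = sorted(remote_logons(events) + service_installs(events),
                         key=lambda e: e["ts"])
    lines = []
    for e in interesting:
        if e["event_id"] == 4624:
            kind = REMOTE_LOGON_TYPES[e["logon_type"]]
            lines.append(f"{e['time']} {e['host']} 4624 {kind} logon "
                         f"{e['user']} from {e['src_ip']}")
        else:
            lines.append(f"{e['time']} {e['host']} 7045 service "
                         f"{e['service_name']} -> {e['image_path']}")
    return lines


if __name__ == "__main__":
    evs = load_events(SAMPLE_EVENTS)
    for line in timeline(evs):
        print(line)
    for f in correlate_logon_to_service(evs):
        print(f"[!] {f['host']}: {f['user']} from {f['src_ip']} installed "
              f"{f['service']} {f['seconds_after_logon']:.0f}s after logon")
    print("pivot sources:", pivot_sources(evs))
```

On the constructed data the script flags the DC01 logon/service pair and shows 10.0.0.57 reaching both hosts, which is the shape of finding the objective asks for. On real lab data, confirm each flagged service against the USN Journal (the binary drop time) and the registry Services key (the persistence entry) before treating it as C2 or persistence; the event pair alone is only a lead.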