Blue Team Labs

Put your knowledge into practice with gamified cyber security challenges.

FakeGPT (Malware Analysis, easy): Analyze a malicious Chrome extension's code and behavior to identify its data theft mechanisms, covert exfiltration via `<img>` tags, and anti-analysis techniques.

XWorm (Malware Analysis, medium): Analyze malware behavior to identify persistence methods, evasion techniques, and C2 infrastructure by extracting artifacts and configuration data through static and dynamic analysis.

GetPDF (Malware Analysis, medium): Reconstruct a multi-stage PDF malware attack by analyzing network traffic, dissecting PDF objects, deobfuscating JavaScript, and emulating shellcode to identify the payloads and the exploited CVEs.

Obfuscated (Malware Analysis, medium): Deobfuscate multi-stage VBA and JavaScript malware from a Word document, extracting IOCs and reconstructing the execution flow with oledump.py, CyberChef, and WSH.

Emprisa Maldoc (Malware Analysis, medium): Reconstruct fragmented shellcode from a malicious RTF document and emulate its execution with `rtfdump.py` and `scdbg` to identify the CVE-2017-11882 payload delivery.

XLM Macros (Malware Analysis, medium): Analyze Excel 4.0 (XLM) macros with XLMMacroDeobfuscator and oledump.py to identify anti-analysis techniques and next-stage download attempts.

MalDoc101 (Malware Analysis, medium): Analyze obfuscated scripts to identify the malicious infrastructure they contact, specifically the first FQDN used to download a trojan; exercises threat hunting and incident response skills.

RE101 (Malware Analysis, medium): Analyze diverse file types, including binaries, obfuscated scripts, and corrupted archives, with tools such as Cutter, hex editors, and debuggers to extract hidden flags and reverse custom encryption.

RotaJakiro (Malware Analysis, hard): Reverse engineer the RotaJakiro Linux malware with Ghidra, strace, and Wireshark to identify its persistence, anti-analysis, and C2 mechanisms.

Ransomed (Malware Analysis, hard): Reconstruct advanced malware execution through dynamic analysis and memory forensics to identify process hollowing, dynamic API resolution, and string obfuscation.

Flareon 4 (Malware Analysis, hard): Combine a range of reverse engineering tools and techniques to solve advanced, multi-platform malware analysis challenges.

Phobos (Malware Analysis, insane): Analyze the Phobos ransomware executable to identify its core behavior and encryption methods and extract actionable indicators of compromise (IOCs).

UnPackMe (Malware Analysis, insane): Unpack and analyze the packed ShadowSteal malware with dynamic and static reverse engineering to extract the RC4 key, mutex, and self-deletion command.

$tealer (Malware Analysis, insane): Reverse engineer advanced stealer malware with IDA Pro and CAPA, analyzing its PE structure, dynamic API resolution, anti-analysis techniques, and RC4 string decryption to extract C2 IOCs.

Flareon 3 (Malware Analysis, insane): Reverse engineer complex challenge binaries with static and dynamic analysis tools to uncover hidden functionality and extract IOCs.

Flareon 5 (Malware Analysis, insane): Apply advanced reverse engineering techniques to analyze complex malicious binaries and extract hidden flags with IDA Pro, debuggers, and specialized tools.

Flareon 6 (Malware Analysis, insane): Reverse engineer diverse, obfuscated samples with static and dynamic analysis tools to identify their functionality and extract embedded artifacts.

Flareon 7 (Malware Analysis, insane): Apply advanced static and dynamic analysis techniques with IDA Pro and debuggers to solve complex reverse engineering challenges.

Flareon 1 (Malware Analysis, insane): Recover hidden flags and program logic by reverse engineering unknown binaries with static and dynamic analysis tools.

Flareon 2 (Malware Analysis, insane): Reverse engineer multi-stage binaries with IDA Pro and debuggers to uncover hidden functionality and extract embedded flags.