Blue Team Labs
Put your knowledge into practice with gamified cyber security challenges.
GhostDetect
Malware Analysis
hard
Investigate a multi-stage phishing attack by analyzing LNK files, de-obfuscating scripts, identifying C2, decrypting payloads, and attributing the TTPs to the UAC-0057 APT group.
ProPDF
Malware Analysis
hard
Reconstruct a malicious PDF attack chain by analyzing embedded JavaScript, extracting the PE payload, identifying Windows API calls, and uncovering the C2 server and downloaded file.
T1059-007
Malware Analysis
hard
Analyze malware file system activity with ProcMon, identify scheduled task persistence using AutoRuns, and configure PowerShell logging for script execution.
OceanLotus
Malware Analysis
hard
Analyze a memory dump using forensic techniques to identify artifacts from a spear-phishing attack and trace its origin.
Ransomed
Malware Analysis
hard
Reconstruct advanced malware execution by performing dynamic analysis and memory forensics to diagnose process hollowing, dynamic API resolution, and string obfuscation.
Flareon 4
Malware Analysis
hard
Integrate diverse reverse engineering tools and techniques to synthesize solutions for advanced, multi-platform malware analysis challenges.
Babble Loader
Malware Analysis
insane
Synthesize static and dynamic analysis findings using x64dbg and IDA Pro to deconstruct a multi-stage loader's anti-analysis techniques and identify its .NET infostealer payload.
Phobos
Malware Analysis
insane
Analyze the Phobos ransomware executable to identify its core behavior, encryption methods, and extract actionable indicators of compromise (IOCs).
UnPackMe
Malware Analysis
insane
Analyze packed ShadowSteal malware using dynamic and static reverse engineering to extract the RC4 key, mutex, and self-deletion command.
$tealer
Malware Analysis
insane
Reverse engineer advanced stealer malware, identifying PE structure, dynamic API resolution, anti-analysis techniques, and RC4 string decryption to extract C2 IOCs using IDA Pro and CAPA.









