Blue Team Labs
Put your knowledge into practice with gamified cyber security challenges.
HoneyBOT
Network Forensics
medium
Reconstruct a network intrusion by analyzing PCAP traffic with Wireshark, identifying a CVE-2003-0533 exploit, extracting malware, and performing shellcode analysis with scdbg to uncover attacker techniques and IOCs.
Acoustic
Network Forensics
medium
Analyze SIP and RTP protocols using Wireshark and BrimSecurity to identify malicious VoIP communication patterns and artifacts.
WireDive
Network Forensics
medium
Analyze diverse network traffic using Wireshark to decrypt HTTPS, identify protocol misconfigurations, and extract critical network and system forensic artifacts.
EscapeRoom
Network Forensics
medium
Reconstruct a multi-stage attack by analyzing network traffic, cracking credentials, and reverse engineering malware using Wireshark, John the Ripper, and IDA Pro to identify persistence and C2 commands.
Malware Traffic Analysis 6
Network Forensics
medium
Investigate email, document, and network traffic using VirusTotal, oledump, and Wireshark to identify ransomware delivery mechanisms and C2 communications.
Malware Traffic Analysis 5
Network Forensics
medium
Investigate network traffic using Wireshark, NetworkMiner, and Suricata to identify the specific malicious email responsible for system compromise.
Malware Traffic Analysis 4
Network Forensics
medium
Reconstruct a malware infection timeline by analyzing network traffic, identifying exploit kit activity, and extracting indicators of compromise using Wireshark and NetworkMiner.
Malware Traffic Analysis 3
Network Forensics
medium
Synthesize network, binary, and threat intelligence artifacts to reconstruct an exploit kit attack chain, identifying components, deobfuscating payloads, and analyzing binary protections.
Malware Traffic Analysis 2
Network Forensics
medium
Reconstruct an exploit kit attack chain from network traffic, identifying the infected host, extracting malware, and determining the exploited CVE using Wireshark and forensic tools.
Malware Traffic Analysis 1
Network Forensics
medium
Analyze network traffic using Wireshark to identify an infected host, trace an exploit kit infection chain, and extract malicious URLs and file hashes.









