Blue Team Labs

Put your knowledge into practice with gamified cyber security challenges.

FalconEye

PREMIUM

Threat Hunting

medium

Learn to use Splunk for detecting, analyzing, and investigating cybersecurity threats through log analysis, threat hunting, privilege escalation, lateral movement, and advanced attack techniques.

ElasticCase

PREMIUM

Threat Hunting

medium

Investigate a simulated multi-stage attack to identify compromise and attacker activity using Elastic SIEM.

Qradar101

Threat Hunting

medium

Analyze diverse log sources in QRadar SIEM to identify compromised systems, detect malicious tools, and reconstruct the sequence of attack events.

GitTheGate

PREMIUM

Threat Hunting

medium

Investigate network attack artifacts by analyzing logs in Kibana to identify compromised systems and incident timelines.

Boss Of The SOC v1

PREMIUM

Threat Hunting

medium

Reconstruct multi-stage attack scenarios by analyzing Splunk logs and integrating OSINT from VirusTotal, ThreatCrowd, and WHOXY to identify TTPs and IOCs.

Maromafix Falldown - RansomHub

PREMIUM

Threat Hunting, Endpoint Forensics

hard

Reconstruct a multi-stage ransomware attack by correlating Windows event logs, disk artifacts, and malware analysis using Elastic, MFTECmd, RegRipper, and dnSpy.

MarkShell - TA577

PREMIUM

Threat Hunting

hard

Investigate a multi-stage phishing intrusion from initial access through domain compromise, persistence, and C2 deployment.

Raining Dinosaurs - Storm-2603

PREMIUM

Threat Hunting

hard

Hunt through Splunk logs to uncover how attackers exploited a DMZ server, pivoted to the internal network, and deployed ransomware after exfiltrating sensitive data.

Latrodectus – LunarSpider

PREMIUM

Threat Hunting

hard

Correlate Splunk Sysmon logs and disk forensic artifacts across multiple hosts to reconstruct a multi-stage Latrodectus malware intrusion from initial access to data exfiltration.

RansomHub

PREMIUM

Threat Hunting

hard

Reconstruct the RansomHub ransomware attack chain by correlating Splunk logs and disk artifacts to identify password spray, lateral movement, data exfiltration, and ransomware deployment tactics.