Blue Team Labs
Put your knowledge into practice with gamified cyber security challenges.
XWorm
Malware Analysis
Difficulty: medium
Analyze malware behavior to identify persistence methods, evasion techniques, and C2 infrastructure by extracting artifacts and configuration data from static and dynamic analysis.
Silent Breach
Endpoint Forensics
Difficulty: medium
Analyze a forensic image to extract communication artifacts, identify malware behavior, and decrypt encrypted files using FTK Imager, string analysis, and PowerShell scripting.
BRabbit
Threat Intel
Difficulty: medium
Reconstruct a Bad Rabbit ransomware attack chain by analyzing phishing, persistence, and MBR modification using dynamic analysis and MITRE ATT&CK.
PhishStrike
Threat Intel
Difficulty: medium
Analyze email headers and threat intelligence to identify phishing indicators, malware persistence, and C2 channels, extracting actionable IOCs.
BlueSky Ransomware
Network Forensics
Difficulty: medium
Reconstruct a BlueSky ransomware attack by analyzing network traffic, decoding PowerShell scripts, and examining persistence mechanisms to identify attacker tactics and IOCs.
OpenWire
Network Forensics
Difficulty: medium
Investigate a Java deserialization vulnerability in Apache ActiveMQ that enables remote code execution through insecure class loading.
KrakenKeylogger
Endpoint Forensics
Difficulty: medium
Analyze Windows 10 notification artifacts, installed applications, LNK files, and Application logs to uncover malicious activity and enhance forensic investigation capabilities.
AzurePot
Endpoint Forensics
Difficulty: medium
Understand a real-world Linux compromise via CVE-2021-41773 by analyzing disk, memory, and system artifacts to identify attacker techniques, persistence methods, and IOCs.
Sysinternals
Endpoint Forensics
Difficulty: medium
Conduct endpoint forensic analysis to detect, analyze, and understand malware infections using disk images, registry artifacts, and threat intelligence.
BlackEnergy
Endpoint Forensics
Difficulty: medium
Develop practical skills in Windows memory forensics using Volatility by detecting malware indicators, analyzing suspicious processes, and identifying code injection and unauthorized DLLs in a compromised system.