Blue Team Labs

Put your knowledge into practice with gamified cyber security challenges.

Spotlight (Endpoint Forensics, medium)
Investigate macOS disk images using Autopsy, mac_apt, and SQLite to identify and extract hidden data potentially concealed with steganography.

Hunter (Endpoint Forensics, medium)
Evaluate forensic artifacts from a disk image to confirm unauthorized port scanning and assess user intent for installing illegal applications.

Szechuan Sauce (Endpoint Forensics, medium)
Reconstruct a data exfiltration incident by correlating memory, disk, network, and log artifacts using a suite of forensic tools.

EscapeRoom (Network Forensics, medium)
Reconstruct a multi-stage attack by analyzing network traffic, cracking credentials, and reverse engineering malware using Wireshark, John the Ripper, and IDA Pro to identify persistence and C2 commands.

RotaJakiro (Malware Analysis, hard)
Reverse engineer and analyze RotaJakiro Linux malware using Ghidra, strace, and Wireshark to identify persistence, anti-analysis, and C2 mechanisms.

SpottedInTheWild (Endpoint Forensics, hard)
Reconstruct an attack timeline by analyzing disk images, event logs, and malicious scripts to identify initial access, persistence, and data exfiltration techniques.

NintendoHunt (Endpoint Forensics, hard)
Analyze a Windows memory dump using Volatility to identify malicious processes, extract hidden data, investigate registry artifacts, and uncover user activity and persistence mechanisms.

Patrick (Endpoint Forensics, hard)
Investigate iOS device artifacts using iLEAPP and SQLite Browser to identify anomalous user behavior and potential illicit activity.

TeamSpy (Endpoint Forensics, hard)
Reconstruct the attack timeline by analyzing memory dumps and suspicious document files using Volatility, OfficeMalScanner, and VirusTotal.

Ransomed (Malware Analysis, hard)
Reconstruct advanced malware execution by performing dynamic analysis and memory forensics to diagnose process hollowing, dynamic API resolution, and string obfuscation.