Blue Team Labs

Learn to investigate a domain controller compromise by analyzing logs, memory, and artifacts to uncover attacker tactics, persistence methods, and the full intrusion timeline.

Reconstruct a Diameter signaling attack on an LTE core network using Kibana to identify 2FA bypass and unauthorized transactions.

Analyze network traffic, deobfuscate JavaScript, and examine shellcode to reconstruct a drive-by download attack chain, identifying malware, exploits, and attack methodology using Wireshark and forensic tools.

Evaluate a memory image using Volatility and forensic tools to reconstruct the attack chain initiated by a malicious PDF with JavaScript.

Apply Splunk search queries to extract information and answer questions from provided log data.

Apply Attack-Based Hunting methodology using Splunk to analyze and correlate diverse network and host logs, identifying multiple distinct cyberattack scenarios.

Apply Attack-Based Hunting principles to Splunk logs, correlating Windows and Sysmon data to identify and reconstruct a multi-stage ransomware attack.

Correlate diverse forensic artifacts from memory, registry, browser, and NTFS logs using advanced tools like Mimikatz, Ghidra, and CyberChef to reconstruct a complex data breach and C2 infrastructure.

Correlate Splunk logs and host forensic artifacts from triage images to reconstruct a multi-stage TeamCity compromise and identify attacker TTPs.

Analyze the Phobos ransomware executable to identify its core behavior, encryption methods, and extract actionable indicators of compromise (IOCs).