Blue Team Labs

Put your knowledge into practice with gamified cyber security challenges.

TomCracked

PREMIUM

Network Forensics

hard

Analyze a web server compromise by analyzing network traffic to trace a Java deserialization exploit and the subsequent deployment of a Cobalt Strike beacon.

Rilide

PREMIUM

Malware Analysis

hard

Reconstruct Rilide browser extension attack mechanisms by deobfuscating JavaScript, analyzing Chrome extension artifacts, and leveraging OSINT to identify persistence, C2, and exfiltration IOCs.

Midnight RDP

PREMIUM

Threat Hunting

hard

Reconstruct a sophisticated intrusion's timeline by correlating Windows Event, Sysmon, and PowerShell logs in Splunk, identifying RDP-based initial access, persistence, privilege escalation, and C2.

SolarDisruption

PREMIUM

Network Forensics

hard

Investigate PLC network traffic and system logs to identify insider manipulation attempts and determine the cause of the solar panel disruption at AetherCore Technologies.

PaloAltoRCE - UTA0218

PREMIUM

Threat Hunting

hard

Reconstruct a Palo Alto RCE attack timeline by analyzing firewall logs in ELK, identifying initial access, reverse shell, persistence, and data exfiltration artifacts.

SpottedInTheWild

Endpoint Forensics

hard

Reconstruct an attack timeline by analyzing disk images, event logs, and malicious scripts to identify initial access, persistence, and data exfiltration techniques.

GhostDetect

PREMIUM

Malware Analysis

hard

Investigate a multi-stage phishing attack by analyzing LNK files, de-obfuscating scripts, identifying C2, decrypting payloads, and attributing the TTPs to the UAC-0057 APT group.

OceanLotus

PREMIUM

Malware Analysis

hard

Analyze a memory dump using forensic techniques to identify artifacts from a spear-phishing attack and trace its origin.

ProxyShell

PREMIUM

Network Forensics

hard

Analyze network traffic to identify exploitation attempts targeting the ProxyShell vulnerability and extract relevant indicators of compromise.

ProxyLogon - HAFNIUM

PREMIUM

Threat Hunting

hard

Investigate SIEM logs using GrayLog to identify indicators of compromise associated with the ProxyLogon vulnerability (CVE-2021-26855).