Blue Team Labs

Reconstruct a Palo Alto RCE attack timeline by analyzing firewall logs in ELK, identifying initial access, reverse shell, persistence, and data exfiltration artifacts.

Investigate a Linux server compromise by analyzing the XZ backdoor, web shell, log data, and OSINT to uncover attacker TTPs and extract critical IOCs.

Analyze a memory dump using forensic techniques to identify artifacts from a spear-phishing attack and trace its origin.

Analyze network traffic to identify exploitation attempts targeting the ProxyShell vulnerability and extract relevant indicators of compromise.

Investigate SIEM logs using GrayLog to identify indicators of compromise associated with the ProxyLogon vulnerability (CVE-2021-26855).

Reconstruct the attack timeline by analyzing memory dumps and suspicious document files using Volatility, OfficeMalScanner, and VirusTotal.

Learn to investigate a domain controller compromise by analyzing logs, memory, and artifacts to uncover attacker tactics, persistence methods, and the full intrusion timeline.

Apply Splunk search queries to extract information and answer questions from provided log data.

Apply Attack-Based Hunting methodology using Splunk to analyze and correlate diverse network and host logs, identifying multiple distinct cyberattack scenarios.

Apply Attack-Based Hunting principles to Splunk logs, correlating Windows and Sysmon data to identify and reconstruct a multi-stage ransomware attack.