Blue Team Labs

Reconstruct a malicious PDF attack chain by analyzing embedded JavaScript, extracting the PE payload, identifying Windows API calls, and uncovering the C2 server and downloaded file.

Analyze a memory dump using forensic techniques to identify artifacts from a spear-phishing attack and trace its origin.

Investigate SIEM logs using GrayLog to identify indicators of compromise associated with the ProxyLogon vulnerability (CVE-2021-26855).

Correlate Windows Defender, Sysmon, and Security logs in Elastic Stack to reconstruct HafinumAPT's initial access, persistence, and lateral movement TTPs.

Analyze a Windows memory dump using Volatility to identify malicious processes, extract hidden data, investigate registry artifacts, and uncover user activity and persistence mechanisms.

Learn to investigate a domain controller compromise by analyzing logs, memory, and artifacts to uncover attacker tactics, persistence methods, and the full intrusion timeline.

Reconstruct advanced malware execution by performing dynamic analysis and memory forensics to diagnose process hollowing, dynamic API resolution, and string obfuscation.

Analyze a memory dump with Volatility to uncover hidden Emotet malware, investigate its code injection, and reconstruct kernel-level evasion tactics like DKOM.

Integrate diverse reverse engineering tools and techniques to synthesize solutions for advanced, multi-platform malware analysis challenges.

Apply Splunk search queries to extract information and answer questions from provided log data.