Blue Team Labs

Investigate and analyze malicious activity in an Active Directory environment using log analysis and Splunk queries to identify initial access, persistence, lateral movement, and data exfiltration techniques.

Analyze email headers and threat intelligence to identify phishing indicators, malware persistence, and C2 channels, extracting actionable IOCs.

Learn to investigate ransomware attacks by analyzing logs, registry entries, and artifacts to trace attacker actions, tools used, and identify indicators of compromise.

Learn to analyze and dissect Agent Tesla malware by unpacking, identifying embedded scripts, tracing data exfiltration, detecting persistence mechanisms, and understanding anti-VM evasion techniques.

Analyze memory artifacts and trace a ransomware attack's origin, execution, and persistence using forensic tools like Volatility 3 and MemProcFS.

Understand and analyze ATM-targeting malware using static analysis tools, identify malicious behaviors, and trace how malware exploits legitimate APIs like XFS to manipulate ATM hardware and perform unauthorized actions.

Reconstruct a BlueSky ransomware attack by analyzing network traffic, decoding PowerShell scripts, and examining persistence mechanisms to identify attacker tactics and IOCs.

This lab aims to equip learners with practical skills in malware analysis by dissecting a multi-stage AsyncRAT infection. Participants will explore obfuscation techniques, payload extraction, persistence mechanisms, and steganographic methods used in real-world malware, enhancing their ability to detect, analyze, and respond to complex cyber threats.

Perform forensic analysis on a compromised Windows system to identify malware, trace attacker activity, and understand persistence mechanisms.

Investigate a real-world cyberattack, identify compromise indicators, trace attacker activities, and apply forensic and threat intelligence techniques.