Blue Team Labs

Correlate Windows Defender, Sysmon, and Security logs in Elastic Stack to reconstruct HafinumAPT's initial access, persistence, and lateral movement TTPs.

Analyze a Windows memory dump using Volatility to identify malicious processes, extract hidden data, investigate registry artifacts, and uncover user activity and persistence mechanisms.

Learn to investigate a domain controller compromise by analyzing logs, memory, and artifacts to uncover attacker tactics, persistence methods, and the full intrusion timeline.

Reconstruct advanced malware execution by performing dynamic analysis and memory forensics to diagnose process hollowing, dynamic API resolution, and string obfuscation.

Analyze a memory dump with Volatility to uncover hidden Emotet malware, investigate its code injection, and reconstruct kernel-level evasion tactics like DKOM.

Integrate diverse reverse engineering tools and techniques to synthesize solutions for advanced, multi-platform malware analysis challenges.

Apply Splunk search queries to extract information and answer questions from provided log data.

Apply Attack-Based Hunting methodology using Splunk to analyze and correlate diverse network and host logs, identifying multiple distinct cyberattack scenarios.

Apply Attack-Based Hunting principles to Splunk logs, correlating Windows and Sysmon data to identify and reconstruct a multi-stage ransomware attack.

Correlate diverse forensic artifacts from memory, registry, browser, and NTFS logs using advanced tools like Mimikatz, Ghidra, and CyberChef to reconstruct a complex data breach and C2 infrastructure.