Blue Team Labs
Put your knowledge into practice with gamified cyber security challenges.
Eli
Endpoint Forensics
medium
Learn to perform Chromebook forensic analysis using tools like DB Browser and Notepad++, focusing on user artifacts, browser data, downloads, and Google Takeout for digital investigations.
MrGamer
Endpoint Forensics
medium
Develop investigative skills by reconstructing user behavior, tracing digital footprints, and answering contextual questions based on evidence from a compromised system.
Seized
Endpoint Forensics
medium
Use Volatility to investigate a Linux compromise, uncovering attacker techniques like persistence, rootkits, and network backdoors, while reinforcing skills in threat hunting and incident response.
MrRobot
Endpoint Forensics
medium
Reconstruct a multi-stage attack chain using Volatility Framework to analyze memory dumps, identifying malware, persistence, credential theft, lateral movement, and C2 communications across compromised systems.
ElasticCase
Threat Hunting
medium
Investigate a simulated multi-stage attack to identify compromise and attacker activity using Elastic SIEM.
HawkEye
Network Forensics
medium
Reconstruct a HawkEye Keylogger data exfiltration incident by analyzing network traffic with Wireshark and CyberChef, identifying IoCs and stolen credentials.
GetPDF
Malware Analysis
medium
Reconstruct a multi-stage PDF malware attack by analyzing network traffic, dissecting PDF objects, deobfuscating JavaScript, and emulating shellcode to identify payloads and exploited CVEs.
DetectLog4j
Endpoint Forensics
medium
Synthesize forensic artifacts across registry, logs, and binaries to reconstruct a Log4Shell exploitation attack chain, identifying C2, persistence, and ransomware behavior.
WebLogic
Endpoint Forensics
medium
Reconstruct a WebLogic server attack timeline by analyzing memory dumps with Volatility and MemProcFS to identify initial access, persistence, C2, and data exfiltration IOCs.
Trident
Network Forensics
medium
Synthesize network, document, and malware forensics findings to reconstruct a multi-stage phishing attack, identifying exploit chains and C2 communication.









