Blue Team Labs

Apply Attack-Based Hunting methodology using Splunk to analyze and correlate diverse network and host logs, identifying multiple distinct cyberattack scenarios.

Apply Attack-Based Hunting principles to Splunk logs, correlating Windows and Sysmon data to identify and reconstruct a multi-stage ransomware attack.

Correlate diverse forensic artifacts from memory, registry, browser, and NTFS logs using advanced tools like Mimikatz, Ghidra, and CyberChef to reconstruct a complex data breach and C2 infrastructure.

Synthesize static and dynamic analysis findings using x64dbg and IDA Pro to deconstruct a multi-stage loader's anti-analysis techniques and identify its .NET infostealer payload.

Correlate Splunk logs and host forensic artifacts from triage images to reconstruct a multi-stage TeamCity compromise and identify attacker TTPs.

Analyze the Phobos ransomware executable to identify its core behavior, encryption methods, and extract actionable indicators of compromise (IOCs).

Analyze and reverse engineer complex malicious challenges using static and dynamic analysis tools to uncover hidden functionality and extract IOCs.

Synthesize advanced reverse engineering techniques to analyze complex malicious binaries and extract hidden flags using IDA Pro, debuggers, and specialized tools.

Reverse engineer diverse, obfuscated malware samples using static and dynamic analysis tools to identify functionality and extract embedded artifacts.

Synthesize advanced static and dynamic analysis techniques using IDA Pro and debuggers to solve complex reverse engineering challenges.