Blue Team Labs

Analyze diverse log sources in QRadar SIEM to identify compromised systems, detect malicious tools, and reconstruct the sequence of attack events.

Analyze obfuscated scripts to identify malicious infrastructure, specifically extracting the first FQDN used to download a trojan, enhancing skills in threat hunting and incident response.

Reconstruct a network intrusion by analyzing PCAP traffic with Wireshark, identifying a CVE-2003-0533 exploit, extracting malware, and performing shellcode analysis with scdbg to uncover attacker techniques and IOCs.

Analyze SIP and RTP protocols using Wireshark and BrimSecurity to identify malicious VoIP communication patterns and artifacts.

Analyze various Linux system logs using grep, awk, and sed to identify attacker TTPs, persistence, and reconstruct the attack timeline.

Analyze Linux system artifacts, including memory dumps and logs, with Volatility and FTK Imager to reconstruct an attack and identify IOCs.

Investigate network attack artifacts by analyzing logs in Kibana to identify compromised systems and incident timelines.

Apply open-source intelligence (OSINT) techniques using Whois, Wayback Machine, and Google Lens to investigate digital footprints and extract specific information.

Evaluate a Windows disk image by correlating registry, event log, browser, and MFT artifacts to reconstruct evidence of corporate secret exfiltration.

Analyze diverse file types including binaries, obfuscated scripts, and corrupted archives using tools like Cutter, hex editors, and debuggers to extract hidden flags and reverse custom encryption.