Blue Team Labs

Put your knowledge into practice with gamified cyber security challenges.

Boss Of The SOC v1

PREMIUM

Threat Hunting

medium

Reconstruct multi-stage attack scenarios by analyzing Splunk logs and integrating OSINT from VirusTotal, ThreatCrowd, and WHOXY to identify TTPs and IOCs.

ClawHavoc

PREMIUM

Malware Analysis

hard

BlindSentry

PREMIUM

Threat Hunting

hard

Gh0stNet Intrusion

PREMIUMNew

Threat Hunting, Endpoint Forensics

hard

Synthesize forensic evidence from disk images, PCAP, and Splunk logs to reconstruct a Gh0stNet intrusion, identifying C2, persistence, and data exfiltration via DNS tunneling.

BYOVD - Hive0163

PREMIUMNew

Endpoint Forensics, Malware Analysis

hard

Correlate diverse forensic artifacts to reconstruct a multi-stage ransomware attack, synthesizing insights from BYOVD, custom packer, and anti-analysis techniques.

RansomedTrust - Lynx

PREMIUMNew

Threat Hunting, Malware Analysis

hard

Investigate a multi-stage LYNX ransomware intrusion across two trusted Active Directory forests in Splunk, then statically analyze the recovered binary to surface developer artifacts and the embedded victim-contact infrastructure.

Formbook

PREMIUM

Endpoint Forensics, Malware Analysis

hard

Trace the attack chain from phishing delivery through obfuscated JavaScript, PowerShell loaders, and final payload execution.

Satisfaction

PREMIUM

Malware Analysis, Network Forensics

hard

A disgruntled customer, a compromised survey, and a trail of evidence hiding in plain sight — can you trace the attack from the first click to the final payload?

Maromafix Falldown - RansomHub

PREMIUM

Threat Hunting, Endpoint Forensics

hard

Reconstruct a multi-stage ransomware attack by correlating Windows event logs, disk artifacts, and malware analysis using Elastic, MFTECmd, RegRipper, and DNSpy.

MarkShell - TA577

PREMIUM

Threat Hunting

hard

Investigate a multi-stage phishing intrusion from initial access through domain compromise, persistence, and C2 deployment.