Blue Team Labs
Put your knowledge into practice with gamified cyber security challenges.

Boss Of The SOC v1
Threat Hunting
medium
Reconstruct multi-stage attack scenarios by analyzing Splunk logs and integrating OSINT from VirusTotal, ThreatCrowd, and WHOXY to identify TTPs and IOCs.

RansomedTrust - Lynx
Threat Hunting, Malware Analysis
hard
Investigate a multi-stage LYNX ransomware intrusion across two trusted Active Directory forests in Splunk, then statically analyze the recovered binary to surface developer artifacts and the embedded victim-contact infrastructure.

Formbook
Endpoint Forensics, Malware Analysis
hard
Trace the attack chain from phishing delivery through obfuscated JavaScript, PowerShell loaders, and final payload execution.

Satisfaction
Malware Analysis, Network Forensics
hard
A disgruntled customer, a compromised survey, and a trail of evidence hiding in plain sight — can you trace the attack from the first click to the final payload?

Maromafix Falldown - RansomHub
Threat Hunting, Endpoint Forensics
hard
Reconstruct a multi-stage ransomware attack by correlating Windows event logs, disk artifacts, and malware analysis using Elastic, MFTECmd, RegRipper, and DNSpy.

MarkShell - TA577
Threat Hunting
hard
Investigate a multi-stage phishing intrusion from initial access through domain compromise, persistence, and C2 deployment.

Code Blue - APT29
Cloud Forensics
hard
Reconstruct a multi-stage APT29 intrusion by analyzing Azure and M365 logs to trace device code phishing, OAuth token abuse, service account chaining, Silver SAML forgery, and PHI exfiltration.

Recruiter - Hanoi Op
Endpoint Forensics
hard
When a "candidate" submits a resume that’s more than it seems, it’s up to you to hunt through the artifacts, reconstruct the infection chain, and stop a data breach in its tracks.

RoastToRoot
Network Forensics
hard
Analyze network traffic to reconstruct a complete domain compromise attack chain, from AS-REP Roasting and Kerberoasting through privilege escalation, lateral movement, and data exfiltration using rclone.

LFI Escalation
Endpoint Forensics