Blue Team Labs

Put your knowledge into practice with gamified cyber security challenges.

Boss Of The SOC v1

PREMIUM

Threat Hunting

medium

Reconstruct multi-stage attack scenarios by analyzing Splunk logs and integrating OSINT from VirusTotal, ThreatCrowd, and WHOXY to identify TTPs and IOCs.

RansomedTrust - Lynx

PREMIUMNew

Threat Hunting, Malware Analysis

hard

Investigate a multi-stage LYNX ransomware intrusion across two trusted Active Directory forests in Splunk, then statically analyze the recovered binary to surface developer artifacts and the embedded victim-contact infrastructure.

Formbook

PREMIUMNew

Endpoint Forensics, Malware Analysis

hard

Trace the attack chain from phishing delivery through obfuscated JavaScript, PowerShell loaders, and final payload execution.

Satisfaction

PREMIUM

Malware Analysis, Network Forensics

hard

A disgruntled customer, a compromised survey, and a trail of evidence hiding in plain sight — can you trace the attack from the first click to the final payload?

Maromafix Falldown - RansomHub

PREMIUM

Threat Hunting, Endpoint Forensics

hard

Reconstruct a multi-stage ransomware attack by correlating Windows event logs, disk artifacts, and malware analysis using Elastic, MFTECmd, RegRipper, and DNSpy.

MarkShell - TA577

PREMIUM

Threat Hunting

hard

Investigate a multi-stage phishing intrusion from initial access through domain compromise, persistence, and C2 deployment.

Code Blue - APT29

PREMIUM

Cloud Forensics

hard

Reconstruct a multi-stage APT29 intrusion by analyzing Azure and M365 logs to trace device code phishing, OAuth token abuse, service account chaining, Silver SAML forgery, and PHI exfiltration.

Recruiter - Hanoi Op

PREMIUM

Endpoint Forensics

hard

When a "candidate" submits a resume that’s more than it seems, it’s up to you to hunt through the artifacts, reconstruct the infection chain, and stop a data breach in its tracks.

RoastToRoot

PREMIUM

Network Forensics

hard

Analyze network traffic to reconstruct a complete domain compromise attack chain, from AS-REP Roasting and Kerberoasting through privilege escalation, lateral movement, and data exfiltration using rclone.

LFI Escalation

PREMIUM

Endpoint Forensics

hard