Blue Team Labs
Put your knowledge into practice with gamified cyber security challenges.

Boss Of The SOC v1
Threat Hunting
mediumReconstruct multi-stage attack scenarios by analyzing Splunk logs and integrating OSINT from VirusTotal, ThreatCrowd, and WHOXY to identify TTPs and IOCs.

ClawHavoc
Malware Analysis

BlindSentry
Threat Hunting

Gh0stNet Intrusion
Threat Hunting, Endpoint Forensics
hardSynthesize forensic evidence from disk images, PCAP, and Splunk logs to reconstruct a Gh0stNet intrusion, identifying C2, persistence, and data exfiltration via DNS tunneling.

BYOVD - Hive0163
Endpoint Forensics, Malware Analysis
hardCorrelate diverse forensic artifacts to reconstruct a multi-stage ransomware attack, synthesizing insights from BYOVD, custom packer, and anti-analysis techniques.

RansomedTrust - Lynx
Threat Hunting, Malware Analysis
hardInvestigate a multi-stage LYNX ransomware intrusion across two trusted Active Directory forests in Splunk, then statically analyze the recovered binary to surface developer artifacts and the embedded victim-contact infrastructure.

Formbook
Endpoint Forensics, Malware Analysis
hardTrace the attack chain from phishing delivery through obfuscated JavaScript, PowerShell loaders, and final payload execution.

Satisfaction
Malware Analysis, Network Forensics
hardA disgruntled customer, a compromised survey, and a trail of evidence hiding in plain sight — can you trace the attack from the first click to the final payload?

Maromafix Falldown - RansomHub
Threat Hunting, Endpoint Forensics
hardReconstruct a multi-stage ransomware attack by correlating Windows event logs, disk artifacts, and malware analysis using Elastic, MFTECmd, RegRipper, and DNSpy.

MarkShell - TA577
Threat Hunting
hardInvestigate a multi-stage phishing intrusion from initial access through domain compromise, persistence, and C2 deployment.