Blue Team Labs

Put your knowledge into practice with gamified cyber security challenges.

StarkTech Incident - APT41
PREMIUM | Threat Hunting | medium
Reconstruct a multi-stage attack timeline by analyzing Sysmon and Windows event logs in Splunk to identify attacker tactics from initial access to data exfiltration.

BYOD Breach
PREMIUM | Endpoint Forensics | medium
Correlate Android and Windows forensic artifacts, including logs and malware analysis, to reconstruct a multi-stage BYOD breach from initial access to persistence.

ResourcePacks
PREMIUM | Endpoint Forensics | medium
Reconstruct an attack timeline by analyzing forensic artifacts to identify a UAC bypass, WMI persistence, and backdoor user creation techniques.

WorkFromHome
PREMIUM | Endpoint Forensics | medium
Analyze forensic artifacts to trace an attacker's progression from initial social engineering and remote access to a "Sticky Keys" privilege escalation.

NetX-Support - TA569
PREMIUM | Endpoint Forensics | medium
Analyze browser, filesystem, and event artifacts to reconstruct the attack chain, identify the malicious download source, extract second-stage and C2 indicators, and determine persistence, account creation, and lateral movement.

Fog Ransomware - Fluttering Scorpius
PREMIUM | Endpoint Forensics | medium
Reconstruct the Fog ransomware attack chain by analyzing browser, registry, event log, and MFT artifacts to identify initial access, persistence, BYOVD privilege escalation, and IOCs.

VaultBreak
PREMIUM | Endpoint Forensics | medium
Reconstruct a multi-stage attack by analyzing Sysmon, WMI, and Prefetch logs to identify initial infection, advanced persistence, and C2 communications.

MBuchus
PREMIUM | Threat Intel | medium
Utilize OSINT, VirusTotal, and crt.sh to analyze a multi-stage malvertising campaign, identifying initial access, malware payloads, and attacker infrastructure.

Rhysida - Vice Society
PREMIUM | Threat Hunting | medium
Reconstruct the Rhysida ransomware attack chain, identifying initial access, persistence, C2, and impact using Splunk and CyberChef.

Black Basta
PREMIUM | Threat Hunting | medium
Correlate Sysmon, Windows event logs, and PowerShell history to reconstruct a multi-stage Black Basta ransomware attack, identifying initial access, persistence, C2, exfiltration, and impact.