Blue Team Labs

Put your knowledge into practice with gamified cyber security challenges.

KioskExpo7

PREMIUM

Endpoint Forensics

medium

Nitrogen - Blackcat Ransomware

PREMIUM

Threat Hunting

medium

Reconstruct a multi-stage ransomware attack by correlating Splunk telemetry, disk forensics, and registry artifacts to identify persistence mechanisms, credential dumping, and lateral movement.

StarkTech Incident - APT41

PREMIUM

Threat Hunting

medium

Reconstruct a multi-stage attack timeline by analyzing Sysmon and Windows event logs in Splunk to identify attacker tactics from initial access to data exfiltration.

BYOD Breach

PREMIUM

Endpoint Forensics

medium

Correlate Android and Windows forensic artifacts, including logs and malware analysis, to reconstruct a multi-stage BYOD breach from initial access to persistence.

ResourcePacks

PREMIUM

Endpoint Forensics

medium

Reconstruct an attack timeline by analyzing forensic artifacts to identify a UAC bypass, WMI persistence, and backdoor user creation techniques.

WorkFromHome

PREMIUM

Endpoint Forensics

medium

Analyze forensic artifacts to trace an attacker's progression from initial social engineering and remote access to a "Sticky Keys" privilege escalation.

NetX-Support - TA569

PREMIUM

Endpoint Forensics

medium

Analyze browser, filesystem, and event artifacts to reconstruct the attack chain, identify the malicious download source, extract second-stage and C2 indicators, and determine persistence, account creation, and lateral movement.

Fog Ransomware - Fluttering Scorpius

PREMIUM

Endpoint Forensics

medium

Reconstruct the Fog ransomware attack chain by analyzing browser, registry, event logs, and MFT artifacts to identify initial access, persistence, BYOVD privilege escalation, and IOCs.

VaultBreak

PREMIUM

Endpoint Forensics

medium

Reconstruct a multi-stage attack by analyzing Sysmon, WMI, and Prefetch logs to identify initial infection, advanced persistence, and C2 communications.

MBuchus

PREMIUM

Threat Intel

medium

Utilize OSINT, VirusTotal, and crt.sh to analyze a multi-stage malvertising campaign, identifying initial access, malware payloads, and attacker infrastructure.