Blue Team Labs

Analyze a spearphishing email to identify social engineering techniques and extract indicators of compromise from its headers and malicious attachment.

Employ Volatility to analyze a memory dump, identifying suspicious processes, network IOCs, memory protections, and attacker's command-and-control infrastructure.

Analyze network traffic in PCAP files using Wireshark to extract IOCs and reconstruct attacker tactics like authentication and remote execution.

A disgruntled customer, a compromised survey, and a trail of evidence hiding in plain sight — can you trace the attack from the first click to the final payload?

Synthesize forensic artifacts from event logs and disk images to reconstruct a multi-stage attack chain, detailing initial access, privilege escalation, lateral movement, and data exfiltration.

Reconstruct the complete attack timeline by analyzing browser history, event logs, registry, and Git artifacts to identify initial access, persistence, and data exfiltration mechanisms.

Hunt mail caches, MFT records, and Prefetch to unmask the initial dropper and rebuild the attack timeline.

Synthesize KQL findings across Windows events and Azure logs to reconstruct an APT29 multi-stage cloud attack, identifying persistence mechanisms and data exfiltration.

Investigate a software supply-chain compromise that escalates into a ransomware attack, with emphasis on identifying pre-encryption operations.