Blue Team Labs

Put your knowledge into practice with gamified cyber security challenges.

TheTruth

PREMIUM

Endpoint Forensics

medium

Reconstruct an Android attack timeline using forensic artifacts to identify RatMilad malware, extract its C2, and attribute a fraudulent transaction.

TeleStealer

PREMIUM

Malware Analysis

medium

Analyze packed malware behavior, detect persistence mechanisms, and investigate data exfiltration through dynamic analysis, traffic interception, and reverse engineering techniques.

KrakenKeylogger

Endpoint Forensics

medium

Analyze Windows 10 notification artifacts, installed applications, LNK files, and Application logs to uncover malicious activity and enhance forensic investigation capabilities.

MrRobot

Endpoint Forensics

medium

Reconstruct a multi-stage attack chain using Volatility Framework to analyze memory dumps, identifying malware, persistence, credential theft, lateral movement, and C2 communications across compromised systems.

HawkEye

Network Forensics

medium

Reconstruct a HawkEye Keylogger data exfiltration incident by analyzing network traffic with Wireshark and CyberChef, identifying IoCs and stolen credentials.

WebLogic

PREMIUM

Endpoint Forensics

medium

Reconstruct a WebLogic server attack timeline by analyzing memory dumps with Volatility and MemProcFS to identify initial access, persistence, C2, and data exfiltration IOCs.

Exfiltrated

PREMIUM

Endpoint Forensics

medium

Reconstruct a Linux intrusion by analyzing forensic images, system logs, and custom scripts to identify brute-force, privilege escalation, persistence, and exfiltrated data.

Qradar101

Threat Hunting

medium

Analyze diverse log sources in QRadar SIEM to identify compromised systems, detect malicious tools, and reconstruct the sequence of attack events.

Ulysses

Endpoint Forensics

medium

Analyze Linux system artifacts, including memory dumps and logs, with Volatility and FTK Imager to reconstruct an attack and identify IOCs.

GitTheGate

PREMIUM

Threat Hunting

medium

Investigate network attack artifacts by analyzing logs in Kibana to identify compromised systems and incident timelines.