Blue Team Labs
Put your knowledge into practice with gamified cyber security challenges.

Akira - Storm-1567
Endpoint Forensics
Medium
Learn to investigate Akira ransomware using memory forensics to identify IOCs, analyze attacker behavior, reconstruct timelines, and uncover system compromise, defense evasion, and persistence methods.

RCEMiner
Network Forensics
Medium
Correlate network traffic, RCE exploits, and C2 communications using Wireshark to reconstruct a multi-stage web server compromise, cryptomining, and lateral movement.

Yara Wizards
Detection Engineering
Medium
Analyze malware behavior and develop YARA rules for proactive detection by identifying packing methods, entropy levels, and execution patterns.

Trigona Ransomware - Water Ungaw
Endpoint Forensics
Medium
Learn to investigate ransomware attacks by analyzing logs, registry entries, and artifacts to trace attacker actions and the tools used, and to identify indicators of compromise.

ATMii
Malware Analysis
Medium
Understand and analyze ATM-targeting malware using static analysis tools, identify malicious behaviors, and trace how malware exploits legitimate APIs like XFS to manipulate ATM hardware and perform unauthorized actions.

BlueSky Ransomware
Network Forensics
Medium
Reconstruct a BlueSky ransomware attack by analyzing network traffic, decoding PowerShell scripts, and examining persistence mechanisms to identify attacker tactics and IOCs.

ConfluenceRCE
Endpoint Forensics
Medium
Investigate a real-world cyberattack, identify compromise indicators, trace attacker activities, and apply forensic and threat intelligence techniques.

LockBit
Endpoint Forensics
Medium
Reconstruct a multi-system LockBit ransomware attack chain by correlating Windows event logs, registry artifacts, and PowerShell activity to identify TTPs.

Sysinternals
Endpoint Forensics
Medium
Conduct endpoint forensic analysis to detect, analyze, and understand malware infections using disk images, registry artifacts, and threat intelligence.

DetectLog4j
Endpoint Forensics
Medium
Synthesize forensic artifacts across registry, logs, and binaries to reconstruct a Log4Shell exploitation attack chain, identifying C2, persistence, and ransomware behavior.