Blue Team Labs
Put your knowledge into practice with gamified cyber security challenges.
RCEMiner
Network Forensics
medium
Correlate network traffic, RCE exploits, and C2 communications using Wireshark to reconstruct a multi-stage web server compromise, cryptomining, and lateral movement.
IcedID 2 - GOLD CABIN
Endpoint Forensics
medium
Analyze memory artifacts and trace a ransomware attack's origin, execution, and persistence using forensic tools like Volatility 3 and MemProcFS.
LockBit
Endpoint Forensics
medium
Reconstruct a multi-system LockBit ransomware attack chain by correlating Windows event logs, registry artifacts, and PowerShell activity to identify TTPs.
FalconEye
Threat Hunting
medium
Learn to use Splunk for detecting, analyzing, and investigating cybersecurity threats through log analysis, threat hunting, privilege escalation, lateral movement, and advanced attack techniques.
MrRobot
Endpoint Forensics
medium
Reconstruct a multi-stage attack chain using Volatility Framework to analyze memory dumps, identifying malware, persistence, credential theft, lateral movement, and C2 communications across compromised systems.
ElasticCase
Threat Hunting
medium
Investigate a simulated multi-stage attack to identify compromise and attacker activity using Elastic SIEM.
Qradar101
Threat Hunting
medium
Analyze diverse log sources in QRadar SIEM to identify compromised systems, detect malicious tools, and reconstruct the sequence of attack events.
GitTheGate
Threat Hunting
medium
Investigate network attack artifacts by analyzing logs in Kibana to identify compromised systems and incident timelines.
WireDive
Network Forensics
medium
Analyze diverse network traffic using Wireshark to decrypt HTTPS, identify protocol misconfigurations, and extract critical network and system forensic artifacts.
Hunter
Endpoint Forensics
medium
Evaluate forensic artifacts from a disk image to confirm unauthorized port scanning and assess user intent for installing illegal applications.









