Blue Team Labs

A disgruntled customer, a compromised survey, and a trail of evidence hiding in plain sight — can you trace the attack from the first click to the final payload?

Synthesize forensic artifacts from event logs and disk images to reconstruct a multi-stage attack chain, detailing initial access, privilege escalation, lateral movement, and data exfiltration.

Reconstruct the complete attack timeline by analyzing browser history, event logs, registry, and Git artifacts to identify initial access, persistence, and data exfiltration mechanisms.

Hunt mail caches, MFT records, and Prefetch to unmask the initial dropper and rebuild the attack timeline.

Synthesize KQL findings across Windows events and Azure logs to reconstruct an APT29 multi-stage cloud attack, identifying persistence mechanisms and data exfiltration.

Decrypt traffic, decompile smart contracts, and uncover how attackers turned the blockchain into a C2 channel.

Investigate a software supply-chain compromise that escalates into a ransomware attack, with emphasis on identifying pre-encryption operations.

Analyze a cloud-native attack chain involving illicit consent grants, hardcoded credential discovery, Temporary Access Pass abuse, and ABAC bypass to understand modern Azure threat actor techniques.

Synthesize and correlate diverse forensic artifacts from multiple systems to reconstruct the complete HiddenTear attack chain and attribute threat actor TTPs.