Blue Team Labs

Correlate Azure AD, Activity, and Blob Storage logs in Elastic Stack to reconstruct an attack timeline, identifying initial access, lateral movement, persistence, and data exfiltration.

Utilize ALEAPP to analyze Android device artifacts, reconstructing a victim's financial details, movements, and communication patterns.

Analyze Sysmon logs in Elastic SIEM to investigate REvil ransomware attack behaviors, decode recovery sabotage commands, and identify IOCs including the C2 onion domain.

Reconstruct Amadey Trojan behavior by analyzing memory dumps with Volatility3 to identify malicious processes, C2 communications, payload delivery, and persistence mechanisms.

Analyze malware artifacts using threat intelligence platforms like VirusTotal to identify IOCs, C2 servers, and understand adversary tactics.

Analyze network traffic using Wireshark's custom columns, filters, and statistics to identify suspicious web server administration access and potential compromise.

Investigate AWS CloudTrail logs using Splunk to identify unauthorized access, analyze configuration changes, and detect persistence mechanisms.

Analyze a spearphishing email to identify social engineering techniques and extract indicators of compromise from its headers and malicious attachment.

Analyze the PCAP file to identify malicious activity, using tools like Wireshark to detect threats, IP origins, and attacker techniques.