Blue Team Labs

Analyze malware behavior and develop YARA rules for proactive detection by identifying packing methods, entropy levels, and execution patterns.

Analyze memory artifacts and trace a ransomware attack's origin, execution, and persistence using forensic tools like Volatility 3 and MemProcFS.

Reconstruct a BlueSky ransomware attack by analyzing network traffic, decoding PowerShell scripts, and examining persistence mechanisms to identify attacker tactics and IOCs.

Perform forensic analysis on a compromised Windows system to identify malware, trace attacker activity, and understand persistence mechanisms.

Investigate a real-world cyberattack, identify compromise indicators, trace attacker activities, and apply forensic and threat intelligence techniques.

Investigate a Java deserialization vulnerability in Apache ActiveMQ that enables remote code execution through insecure class loading.

Reconstruct the QBot malware infection timeline by analyzing memory dumps, identifying malicious processes, files, and network communications using Volatility3 and VirusTotal.

Analyze packed malware behavior, detect persistence mechanisms, and investigate data exfiltration through dynamic analysis, traffic interception, and reverse engineering techniques.

Analyze Windows 10 notification artifacts, installed applications, LNK files, and Applications logs to uncover malicious activity and enhance forensic investigation capabilities.

Perform forensic analysis on Android devices to identify, analyze, and mitigate threats from malicious applications and cyber espionage groups like Magic Hound.