Blue Team Labs

Put your knowledge into practice with gamified cyber security challenges.

ShadowRoast

PREMIUM

Threat Hunting

medium

Investigate and analyze malicious activity in an Active Directory environment using log analysis and Splunk queries to identify initial access, persistence, lateral movement, and data exfiltration techniques.

AgentTesla

PREMIUM

Malware Analysis

medium

Learn to analyze and dissect Agent Tesla malware by unpacking, identifying embedded scripts, tracing data exfiltration, detecting persistence mechanisms, and understanding anti-VM evasion techniques.

BlueSky Ransomware

Network Forensics

medium

Reconstruct a BlueSky ransomware attack by analyzing network traffic, decoding PowerShell scripts, and examining persistence mechanisms to identify attacker tactics and IoCs.

LockBit

PREMIUM

Endpoint Forensics

medium

Reconstruct a multi-system LockBit ransomware attack chain by correlating Windows event logs, registry artifacts, and PowerShell activity to identify TTPs.

Kerberoasted

PREMIUM

Threat Hunting

medium

Detect, analyze, and respond to Kerberoasting attacks by investigating Kerberos logs, identifying compromised accounts, and uncovering attacker persistence methods.

FalconEye

PREMIUM

Threat Hunting

medium

Learn to use Splunk for detecting, analyzing, and investigating cybersecurity threats through log analysis and threat hunting, covering privilege escalation, lateral movement, and advanced attack techniques.

Eli

Endpoint Forensics

medium

Learn to perform Chromebook forensic analysis using tools like DB Browser and Notepad++, focusing on user artifacts, browser data, downloads, and Google Takeout for digital investigations.

MrRobot

Endpoint Forensics

medium

Reconstruct a multi-stage attack chain using Volatility Framework to analyze memory dumps, identifying malware, persistence, credential theft, lateral movement, and C2 communications across compromised systems.

ElasticCase

PREMIUM

Threat Hunting

medium

Investigate a simulated multi-stage attack to identify compromise and attacker activity using Elastic SIEM.

HawkEye

Network Forensics

medium

Reconstruct a HawkEye Keylogger data exfiltration incident by analyzing network traffic with Wireshark and CyberChef, identifying IoCs and stolen credentials.