Blue Team Labs
Put your knowledge into practice with gamified cyber security challenges.

LockBit
Endpoint Forensics
Medium: Reconstruct a multi-system LockBit ransomware attack chain by correlating Windows event logs, registry artifacts, and PowerShell activity to identify TTPs.

Kerberoasted
Threat Hunting
Medium: Detect, analyze, and respond to Kerberoasting attacks by investigating Kerberos logs, identifying compromised accounts, and uncovering attacker persistence methods.

FalconEye
Threat Hunting
Medium: Learn to use Splunk for detecting, analyzing, and investigating cybersecurity threats through log analysis, threat hunting, privilege escalation, lateral movement, and advanced attack techniques.

Eli
Endpoint Forensics
Medium: Learn to perform Chromebook forensic analysis using tools like DB Browser and Notepad++, focusing on user artifacts, browser data, downloads, and Google Takeout for digital investigations.

MrRobot
Endpoint Forensics
Medium: Reconstruct a multi-stage attack chain using Volatility Framework to analyze memory dumps, identifying malware, persistence, credential theft, lateral movement, and C2 communications across compromised systems.

ElasticCase
Threat Hunting
Medium: Investigate a simulated multi-stage attack to identify compromise and attacker activity using Elastic SIEM.

HawkEye
Network Forensics
Medium: Reconstruct a HawkEye Keylogger data exfiltration incident by analyzing network traffic with Wireshark and CyberChef, identifying IoCs and stolen credentials.

Exfiltrated
Endpoint Forensics
Medium: Reconstruct a Linux intrusion by analyzing forensic images, system logs, and custom scripts to identify brute-force, privilege escalation, persistence, and exfiltrated data.

Hacked
Endpoint Forensics
Medium: Reconstruct initial access, system modifications, and persistence on a compromised Linux server by analyzing disk images and cracking passwords.

LGDroid
Endpoint Forensics
Medium: Analyze Android disk images using SQLite, Python, and log analysis to reconstruct user activity and extract key forensic artifacts.