Blue Team Labs

Reconstruct a HawkEye Keylogger data exfiltration incident by analyzing network traffic with Wireshark and CyberChef, identifying IoCs and stolen credentials.

Analyze network traffic and memory dumps using Wireshark, Zui, and Volatility to investigate a targeted attack, identify Zeus malware, and reconstruct attacker actions.

Investigate Windows memory images using Volatility3, PowerShell, and a hex editor to extract system artifacts, analyze processes, network connections, and reconstruct user activity.

Analyze a disk image to investigate multiple forensic cases by examining registry, event logs, and email artifacts using specified forensic tools.

Determine the web server compromise method and attacker actions by analyzing disk images, memory dumps, and registry artifacts using Autopsy, Volatility, and Registry Explorer.

Analyze Excel 4.0 macros using XLMDeobfuscator and OLEDUMP to identify anti-analysis techniques and subsequent stage download attempts.

Analyze diverse log sources in QRadar SIEM to identify compromised systems, detect malicious tools, and reconstruct the sequence of attack events.

Analyze SIP and RTP protocols using Wireshark and BrimSecurity to identify malicious VoIP communication patterns and artifacts.

Analyze various Linux system logs using grep, awk, and sed to identify attacker TTPs, persistence, and reconstruct the attack timeline.

Investigate network attack artifacts by analyzing logs in Kibana to identify compromised systems and incident timelines.