Blue Team Labs

Reconstruct an attack timeline by analyzing disk images, event logs, and malicious scripts to identify initial access, persistence, and data exfiltration techniques.

Analyze a memory dump using forensic techniques to identify artifacts from a spear-phishing attack and trace its origin.

Reconstruct the attack timeline by analyzing memory dumps and suspicious document files using Volatility, OfficeMalScanner, and VirusTotal.

Apply Splunk search queries to extract information and answer questions from provided log data.

Apply Attack-Based Hunting methodology using Splunk to analyze and correlate diverse network and host logs, identifying multiple distinct cyberattack scenarios.

Correlate diverse forensic artifacts from memory, registry, browser, and NTFS logs using advanced tools like Mimikatz, Ghidra, and CyberChef to reconstruct a complex data breach and C2 infrastructure.

Correlate Splunk logs and host forensic artifacts from triage images to reconstruct a multi-stage TeamCity compromise and identify attacker TTPs.

Analyze the Phobos ransomware executable to identify its core behavior, encryption methods, and extract actionable indicators of compromise (IOCs).

Analyze packed ShadowSteal malware using dynamic and static reverse engineering to extract the RC4 key, mutex, and self-deletion command.