Blue Team Labs

Reconstruct BlackSuit ransomware's attack lifecycle by analyzing PE artifacts, encrypted payloads, API calls, and network communication using Ghidra, x64dbg, and CFF Explorer.

Investigate PLC network traffic and system logs to identify insider manipulation attempts and determine the cause of the solar panel disruption at AetherCore Technologies.

Reconstruct an attack timeline by analyzing disk images, event logs, and malicious scripts to identify initial access, persistence, and data exfiltration techniques.

Investigate a multi-stage phishing attack by analyzing LNK files, de-obfuscating scripts, identifying C2, decrypting payloads, and attributing the TTPs to the UAC-0057 APT group.

Reconstruct an ICS attack chain by analyzing network traffic with Arkime and Wireshark to identify PLC compromise, I/O manipulation, and classify techniques using MITRE ATT&CK for ICS.

Learn to investigate a domain controller compromise by analyzing logs, memory, and artifacts to uncover attacker tactics, persistence methods, and the full intrusion timeline.

Evaluate a memory image using Volatility and forensic tools to reconstruct the attack chain initiated by a malicious PDF with JavaScript.

Apply Splunk search queries to extract information and answer questions from provided log data.

Apply Attack-Based Hunting methodology using Splunk to analyze and correlate diverse network and host logs, identifying multiple distinct cyberattack scenarios.

Apply Attack-Based Hunting principles to Splunk logs, correlating Windows and Sysmon data to identify and reconstruct a multi-stage ransomware attack.