Blue Team Labs

Reconstruct a Linux system's unauthorized access and ransomware incident by analyzing logs, browser, and email artifacts, decrypting payloads, and identifying persistence.

Analyze email headers and threat intelligence to identify phishing indicators, malware persistence, and C2 channels, extracting actionable IOCs.

Learn to investigate ransomware attacks by analyzing logs, registry entries, and artifacts to trace attacker actions, tools used, and identify indicators of compromise.

Understand and analyze ATM-targeting malware using static analysis tools, identify malicious behaviors, and trace how malware exploits legitimate APIs like XFS to manipulate ATM hardware and perform unauthorized actions.

Investigate a real-world cyberattack, identify compromise indicators, trace attacker activities, and apply forensic and threat intelligence techniques.

Investigate a Java deserialization vulnerability in Apache ActiveMQ that enables remote code execution through insecure class loading.

Reconstruct the QBot malware infection timeline by analyzing memory dumps, identifying malicious processes, files, and network communications using Volatility3 and VirusTotal.

Learn cloud forensics by analyzing Google Cloud logs with JQ to identify compromised accounts, data exfiltration, and attacker persistence methods in a simulated breach scenario.

Develop skills in forensic analysis, attack chain reconstruction, and threat detection following a web server compromise using Linux forensic techniques.

Analyze, decrypt, and trace a multi-stage malware infection, uncovering obfuscation techniques, payload delivery methods, and network communication indicators.