Blue Team Labs

Reconstruct a Bad Rabbit ransomware attack chain by analyzing phishing, persistence, and MBR modification using dynamic analysis and MITRE ATT&CK.

Correlate Windows event logs and Sysmon data across enterprise systems using ELK to reconstruct a multi-stage cyber attack from initial access to ransomware.

Analyze memory images and event logs using MemProcFS, EvtxECmd, and Timeline Explorer to identify Andromeda bot IOCs, reconstruct its infection timeline, and attribute it to an APT group.

Reconstruct attacker methods on a Linux system by analyzing a disk image, recovering deleted files with Photorec, and correlating logs, command history, and configuration files.

Analyze an Android device dump and reverse engineer a malicious APK using ALEAPP and JADX-GUI to identify malware functionality, data exfiltration, and extract compromised credentials.

Analyze network traffic and AWS CloudTrail logs using Wireshark and JQ to reconstruct an IMDSv1 SSRF exploitation and subsequent data exfiltration attack.

Analyze multi-stage malware behavior, decode obfuscated scripts, trace execution flow, and identify evasion, persistence, and exfiltration tactics using forensic tools.

Reconstruct a wiper malware attack by analyzing registry, event logs, and USN journal artifacts using Registry Explorer, Event Log Explorer, and VirusTotal.

Learn to investigate Akira ransomware using memory forensics to identify IOCs, analyze attacker behavior, reconstruct timelines, and uncover system compromise, defense evasion, and persistence methods.

Reconstruct a multi-stage intrusion timeline by analyzing Windows and Sysmon event logs within Elastic SIEM to identify key attack tactics, techniques, and procedures.