Blue Team Labs

Put your knowledge into practice with gamified cyber security challenges.

Trident

PREMIUM

Network Forensics

medium

Synthesize network, document, and malware forensics findings to reconstruct a multi-stage phishing attack, identifying exploit chains and C2 communication.

Exfiltrated

PREMIUM

Endpoint Forensics

medium

Reconstruct a Linux intrusion by analyzing forensic images, system logs, and custom scripts to identify brute-force, privilege escalation, persistence, and exfiltrated data.

Hacked

Endpoint Forensics

medium

Reconstruct initial access, system modifications, and persistence on a compromised Linux server by analyzing disk images and cracking passwords.

Brave

Endpoint Forensics

medium

Investigate Windows memory images using Volatility 3, PowerShell, and a hex editor to extract system artifacts, analyze processes and network connections, and reconstruct user activity.

DumpMe

Endpoint Forensics

medium

Analyze memory dumps using Volatility 2 to identify Meterpreter malware and extract Indicators of Compromise.

HireMe

Endpoint Forensics

medium

Analyze a disk image to investigate multiple forensic cases by examining registry, event logs, and email artifacts using specified forensic tools.

Phishy

Endpoint Forensics

medium

Reconstruct an end-to-end phishing attack chain by analyzing disk image, registry, application, and browser artifacts using various forensic tools.

Emprisa Maldoc

Malware Analysis

medium

Reconstruct fragmented shellcode from a malicious RTF document and emulate its execution using `rtfdump.py` and `scdbg` to identify CVE-2017-11882 payload delivery.

XLM Macros

Malware Analysis

medium

Analyze Excel 4.0 macros using XLMDeobfuscator and OLEDUMP to identify anti-analysis techniques and subsequent stage download attempts.

Qradar101

Threat Hunting

medium

Analyze diverse log sources in QRadar SIEM to identify compromised systems, detect malicious tools, and reconstruct the sequence of attack events.