Blue Team Labs

Reconstruct a multi-stage attack by analyzing network traffic, cracking credentials, and reverse engineering malware using Wireshark, John the Ripper, and IDA Pro to identify persistence and C2 commands.

Reconstruct multi-stage attack scenarios by analyzing Splunk logs and integrating OSINT from VirusTotal, ThreatCrowd, and WHOXY to identify TTPs and IOCs.

Reconstruct a multi-stage ransomware attack by correlating Windows event logs, disk artifacts, and malware analysis using Elastic, MFTECmd, RegRipper, and DNSpy.

Investigate a multi-stage phishing intrusion from initial access through domain compromise, persistence, and C2 deployment.

Reconstruct a multi-stage APT29 intrusion by analyzing Azure and M365 logs to trace device code phishing, OAuth token abuse, service account chaining, Silver SAML forgery, and PHI exfiltration.

When a "candidate" submits a resume that’s more than it seems, it’s up to you to hunt through the artifacts, reconstruct the infection chain, and stop a data breach in its tracks.

Analyze network traffic to reconstruct a complete domain compromise attack chain, from AS-REP Roasting and Kerberoasting through privilege escalation, lateral movement, and data exfiltration using rclone.

Correlate Splunk Sysmon logs and disk forensic artifacts across multiple hosts to reconstruct a multi-stage Latrodectus malware intrusion from initial access to data exfiltration.

Reconstruct RansomHub ransomware attack chain by correlating Splunk logs and disk artifacts to identify password spray, lateral movement, data exfiltration, and ransomware deployment tactics.