Blue Team Labs

Put your knowledge into practice with gamified cyber security challenges.

Hunter

Endpoint Forensics

medium

Evaluate forensic artifacts from a disk image to confirm unauthorized port scanning and assess user intent for installing illegal applications.

EscapeRoom

Network Forensics

medium

Reconstruct a multi-stage attack by analyzing network traffic, cracking credentials, and reverse engineering malware using Wireshark, John the Ripper, and IDA Pro to identify persistence and C2 commands.

Boss Of The SOC v1

PREMIUM

Threat Hunting

medium

Reconstruct multi-stage attack scenarios by analyzing Splunk logs and integrating OSINT from VirusTotal, ThreatCrowd, and WHOXY to identify TTPs and IOCs.

RansomedTrust - Lynx

PREMIUM New

Threat Hunting, Malware Analysis

hard

Investigate a multi-stage LYNX ransomware intrusion across two trusted Active Directory forests in Splunk, then statically analyze the recovered binary to surface developer artifacts and the embedded victim-contact infrastructure.

Satisfaction

PREMIUM

Malware Analysis, Network Forensics

hard

A disgruntled customer, a compromised survey, and a trail of evidence hiding in plain sight — can you trace the attack from the first click to the final payload?

Maromafix Falldown - RansomHub

PREMIUM

Threat Hunting, Endpoint Forensics

hard

Reconstruct a multi-stage ransomware attack by correlating Windows event logs, disk artifacts, and malware analysis using Elastic, MFTECmd, RegRipper, and dnSpy.

MarkShell - TA577

PREMIUM

Threat Hunting

hard

Investigate a multi-stage phishing intrusion from initial access through domain compromise, persistence, and C2 deployment.

Code Blue - APT29

PREMIUM

Cloud Forensics

hard

Reconstruct a multi-stage APT29 intrusion by analyzing Azure and M365 logs to trace device code phishing, OAuth token abuse, service account chaining, Silver SAML forgery, and PHI exfiltration.

Recruiter - Hanoi Op

PREMIUM

Endpoint Forensics

hard

When a "candidate" submits a resume that’s more than it seems, it’s up to you to hunt through the artifacts, reconstruct the infection chain, and stop a data breach in its tracks.

RoastToRoot

PREMIUM

Network Forensics

hard

Analyze network traffic to reconstruct a complete domain compromise attack chain, from AS-REP Roasting and Kerberoasting through privilege escalation, lateral movement, and data exfiltration using rclone.