Blue Team Labs

Investigate SIEM logs using GrayLog to identify indicators of compromise associated with the ProxyLogon vulnerability (CVE-2021-26855).

Correlate Windows Defender, Sysmon, and Security logs in Elastic Stack to reconstruct HafinumAPT's initial access, persistence, and lateral movement TTPs.

Investigate iOS device artifacts using iLEAPP and SQLite Browser to identify anomalous user behavior and potential illicit activity.

Reconstruct a Diameter signaling attack on an LTE core network using Kibana to identify 2FA bypass and unauthorized transactions.

Apply Splunk search queries to extract information and answer questions from provided log data.

Apply Attack-Based Hunting methodology using Splunk to analyze and correlate diverse network and host logs, identifying multiple distinct cyberattack scenarios.

Apply Attack-Based Hunting principles to Splunk logs, correlating Windows and Sysmon data to identify and reconstruct a multi-stage ransomware attack.

Correlate Splunk logs and host forensic artifacts from triage images to reconstruct a multi-stage TeamCity compromise and identify attacker TTPs.

Reverse engineer multi-stage malicious binaries using IDA Pro and debuggers to uncover hidden functionality and extract embedded flags.