Blue Team Labs

This lab aims to equip learners with practical skills in malware analysis by dissecting a multi-stage AsyncRAT infection. Participants will explore obfuscation techniques, payload extraction, persistence mechanisms, and steganographic methods used in real-world malware, enhancing their ability to detect, analyze, and respond to complex cyber threats.

Perform forensic analysis on a compromised Windows system to identify malware, trace attacker activity, and understand persistence mechanisms.

Reconstruct a multi-system LockBit ransomware attack chain by correlating Windows event logs, registry artifacts, and PowerShell activity to identify TTPs.

Learn cloud forensics by analyzing Google Cloud logs with JQ to identify compromised accounts, data exfiltration, and attacker persistence methods in a simulated breach scenario.

Develop skills in forensic analysis, attack chain reconstruction, and threat detection following a web server compromise using Linux forensic techniques.

Analyze a malicious MSI installer by deconstructing its components, extracting embedded scripts, identifying C2 communication, and attributing the malware family.

Analyze suspicious logs to author custom Sigma rules that detect lateral movement techniques within a SIEM environment.

Analyze, decrypt, and trace a multi-stage malware infection, uncovering obfuscation techniques, payload delivery methods, and network communication indicators.

Analyze packed malware behavior, detect persistence mechanisms, and investigate data exfiltration through dynamic analysis, traffic interception, and reverse engineering techniques.

Analyze Windows event logs in Splunk to identify T1197 BITS abuse, LOLBAS usage, attacker IP, and persistence mechanisms.