Blue Team Labs

Reconstruct a WebLogic server attack timeline by analyzing memory dumps with Volatility and MemProcFS to identify initial access, persistence, C2, and data exfiltration IOCs.

Synthesize network, document, and malware forensics findings to reconstruct a multi-stage phishing attack, identifying exploit chains and C2 communication.

Analyze network traffic and memory dumps using Wireshark, Zui, and Volatility to investigate a targeted attack, identify Zeus malware, and reconstruct attacker actions.

Deobfuscate multi-stage VBA and JavaScript malware from a Word document, extracting IOCs and reconstructing execution flow with Oledump, CyberChef, and WSH.

Reconstruct initial access, system modifications, and persistence on a compromised Linux server by analyzing disk images and cracking passwords.

Analyze network traffic using Wireshark to identify suspicious activity, extract IOCs, and uncover authentication details, file transfers, and server information across multiple protocols.

Reconstruct an end-to-end phishing attack chain by analyzing disk image, registry, application, and browser artifacts using various forensic tools.

Determine the web server compromise method and attacker actions by analyzing disk images, memory dumps, and registry artifacts using Autopsy, Volatility, and Registry Explorer.

Reconstruct fragmented shellcode from a malicious RTF document and emulate its execution using `rtfdump.py` and `scdbg` to identify CVE-2017-11882 payload delivery.

Reconstruct a network intrusion by analyzing PCAP traffic with Wireshark, identifying a CVE-2003-0533 exploit, extracting malware, and performing shellcode analysis with scdbg to uncover attacker techniques and IOCs.