Blue Team Labs

Reconstruct an end-to-end phishing attack chain by analyzing disk image, registry, application, and browser artifacts using various forensic tools.

Determine the web server compromise method and attacker actions by analyzing disk images, memory dumps, and registry artifacts using Autopsy, Volatility, and Registry Explorer.

Reconstruct fragmented shellcode from a malicious RTF document and emulate its execution using `rtfdump.py` and `scdbg` to identify CVE-2017-11882 payload delivery.

Reconstruct a network intrusion by analyzing PCAP traffic with Wireshark, identifying a CVE-2003-0533 exploit, extracting malware, and performing shellcode analysis with scdbg to uncover attacker techniques and IOCs.

Analyze SIP and RTP protocols using Wireshark and BrimSecurity to identify malicious VoIP communication patterns and artifacts.

Analyze Linux system artifacts, including memory dumps and logs, with Volatility and FTK Imager to reconstruct an attack and identify IOCs.

Investigate network attack artifacts by analyzing logs in Kibana to identify compromised systems and incident timelines.

Analyze diverse network traffic using Wireshark to decrypt HTTPS, identify protocol misconfigurations, and extract critical network and system forensic artifacts.

Reconstruct a data exfiltration incident by correlating memory, disk, network, and log artifacts using a suite of forensic tools.

Evaluate forensic artifacts from a disk image to confirm unauthorized port scanning and assess user intent for installing illegal applications.