Blue Team Labs

Analyze suspicious logs to author custom Sigma rules that detect lateral movement techniques within a SIEM environment.

Analyze packed malware behavior, detect persistence mechanisms, and investigate data exfiltration through dynamic analysis, traffic interception, and reverse engineering techniques.

Analyze Windows event logs in Splunk to identify T1197 BITS abuse, LOLBAS usage, attacker IP, and persistence mechanisms.

Analyze Windows 10 notification artifacts, installed applications, LNK files, and Applications logs to uncover malicious activity and enhance forensic investigation capabilities.

Investigate fileless malware by analyzing registry artifacts, decrypting in-memory payloads, and identifying malware families using forensic tools and reverse engineering techniques.

Analyze AWS CloudTrail logs with `jq` to reconstruct attacker TTPs, identify privilege escalation, and detect persistence mechanisms within a compromised cloud environment.

Learn to use Splunk for detecting, analyzing, and investigating cybersecurity threats through log analysis, threat hunting, privilege escalation, lateral movement, and advanced attack techniques.

Develop practical skills in Windows memory forensics using Volatility by detecting malware indicators, analyzing suspicious processes, and identifying code injection and unauthorized DLLs in a compromised system.

Using Volatility to investigate a Linux compromise, uncovering attacker techniques like persistence, rootkits, and network backdoors, while reinforcing skills in threat hunting and incident response.

Reconstruct a multi-stage attack chain using Volatility Framework to analyze memory dumps, identifying malware, persistence, credential theft, lateral movement, and C2 communications across compromised systems.