Blue Team Labs
Put your knowledge into practice with gamified cyber security challenges.
DetectLog4j
Endpoint Forensics
Difficulty: medium
Synthesize forensic artifacts across registry, logs, and binaries to reconstruct a Log4Shell exploitation attack chain, identifying C2, persistence, and ransomware behavior.
Trident
Network Forensics
Difficulty: medium
Synthesize network, document, and malware forensics findings to reconstruct a multi-stage phishing attack, identifying exploit chains and C2 communication.
l337 S4uc3
Endpoint Forensics
Difficulty: medium
Analyze network traffic and memory dumps using Wireshark, Zui, and Volatility to investigate a targeted attack, identify Zeus malware, and reconstruct attacker actions.
Obfuscated
Malware Analysis
Difficulty: medium
Deobfuscate multi-stage VBA and JavaScript malware from a Word document, extracting IOCs and reconstructing execution flow with Oledump, CyberChef, and WSH.
Hacked
Endpoint Forensics
Difficulty: medium
Reconstruct initial access, system modifications, and persistence on a compromised Linux server by analyzing disk images and cracking passwords.
LGDroid
Endpoint Forensics
Difficulty: medium
Analyze Android disk images using SQLite, Python, and log analysis to reconstruct user activity and extract key forensic artifacts.
DumpMe
Endpoint Forensics
Difficulty: medium
Analyze memory dumps using Volatility 2 to identify Meterpreter malware and extract Indicators of Compromise.
Injector
Endpoint Forensics
Difficulty: medium
Determine the web server compromise method and attacker actions by analyzing disk images, memory dumps, and registry artifacts using Autopsy, Volatility, and Registry Explorer.
Emprisa Maldoc
Malware Analysis
Difficulty: medium
Reconstruct fragmented shellcode from a malicious RTF document and emulate its execution using `rtfdump.py` and `scdbg` to identify CVE-2017-11882 payload delivery.
XLM Macros
Malware Analysis
Difficulty: medium
Analyze Excel 4.0 macros using XLMDeobfuscator and OLEDUMP to identify anti-analysis techniques and subsequent stage download attempts.