Blue Team Labs

Put your knowledge into practice with gamified cyber security challenges.

KrakenKeylogger

Endpoint Forensics

medium

Analyze Windows 10 notification artifacts, installed applications, LNK files, and Application event logs to uncover malicious activity and sharpen forensic investigation skills.

APT35

PREMIUM

Malware Analysis

medium

Perform forensic analysis on Android devices to identify, analyze, and mitigate threats from malicious applications and cyber espionage groups like Magic Hound.

AzurePot

Endpoint Forensics

medium

Understand a real-world Linux compromise via CVE-2021-41773 (the Apache HTTP Server 2.4.49 path traversal flaw) by analyzing disk, memory, and system artifacts to identify attacker techniques, persistence methods, and IOCs.

Sysinternals

Endpoint Forensics

medium

Conduct endpoint forensic analysis to detect, analyze, and understand malware infections using disk images, registry artifacts, and threat intelligence.

MrGamer

Endpoint Forensics

medium

Develop investigative skills by reconstructing user behavior, tracing digital footprints, and answering contextual questions based on evidence from a compromised system.

Seized

Endpoint Forensics

medium

Use Volatility to investigate a Linux compromise, uncovering attacker techniques such as persistence, rootkits, and network backdoors, while reinforcing skills in threat hunting and incident response.

MrRobot

Endpoint Forensics

medium

Reconstruct a multi-stage attack chain using the Volatility Framework to analyze memory dumps, identifying malware, persistence, credential theft, lateral movement, and C2 communications across compromised systems.

ElasticCase

PREMIUM

Threat Hunting

medium

Investigate a simulated multi-stage attack to identify compromise and attacker activity using Elastic SIEM.

HawkEye

Network Forensics

medium

Reconstruct a HawkEye Keylogger data exfiltration incident by analyzing network traffic with Wireshark and CyberChef, identifying IOCs and stolen credentials.

GetPDF

Malware Analysis

medium

Reconstruct a multi-stage PDF malware attack by analyzing network traffic, dissecting PDF objects, deobfuscating JavaScript, and emulating shellcode to identify payloads and exploited CVEs.