Blue Team Labs

Analyze Linux system artifacts, including memory dumps and logs, with Volatility and FTK Imager to reconstruct an attack and identify IOCs.

Investigate network attack artifacts by analyzing logs in Kibana to identify compromised systems and incident timelines.

Analyze diverse network traffic using Wireshark to decrypt HTTPS, identify protocol misconfigurations, and extract critical network and system forensic artifacts.

Reconstruct a data exfiltration incident by correlating memory, disk, network, and log artifacts using a suite of forensic tools.

Evaluate forensic artifacts from a disk image to confirm unauthorized port scanning and assess user intent for installing illegal applications.

Reconstruct a multi-stage attack by analyzing network traffic, cracking credentials, and reverse engineering malware using Wireshark, John the Ripper, and IDA Pro to identify persistence and C2 commands.

Reconstruct multi-stage attack scenarios by analyzing Splunk logs and integrating OSINT from VirusTotal, ThreatCrowd, and WHOXY to identify TTPs and IOCs.

Reconstruct a multi-stage ransomware attack by correlating Windows event logs, disk artifacts, and malware analysis using Elastic, MFTECmd, RegRipper, and DNSpy.

Reconstruct a multi-stage APT29 intrusion by analyzing Azure and M365 logs to trace device code phishing, OAuth token abuse, service account chaining, Silver SAML forgery, and PHI exfiltration.

When a "candidate" submits a resume that’s more than it seems, it’s up to you to hunt through the artifacts, reconstruct the infection chain, and stop a data breach in its tracks.