Blue Team Labs

Reconstruct a multi-stage attack by analyzing network traffic, cracking credentials, and reverse engineering malware using Wireshark, John the Ripper, and IDA Pro to identify persistence and C2 commands.

Reconstruct multi-stage attack scenarios by analyzing Splunk logs and integrating OSINT from VirusTotal, ThreatCrowd, and WHOXY to identify TTPs and IOCs.

Correlate Splunk Sysmon logs and disk forensic artifacts across multiple hosts to reconstruct a multi-stage Latrodectus malware intrusion from initial access to data exfiltration.

Reconstruct RansomHub ransomware attack chain by correlating Splunk logs and disk artifacts to identify password spray, lateral movement, data exfiltration, and ransomware deployment tactics.

Hunt browser downloads, MFT records, and Prefetch to unmask the initial dropper and rebuild the attack timeline.

Investigate attacker behavior by analyzing Windows artifacts to identify persistence, privilege escalation, and lateral movement using MFTECmd, PECmd, BitsParser, and registry analysis tools.

Synthesize disparate forensic artifacts across email, network, and host logs to reconstruct a multi-stage phishing, malware, and C2 attack, attributing it to a known campaign.

Investigate a disk image to uncover a UAC bypass and process hollowing and trace the attack back to a compromised software repository.