Blue Team Labs

Analyze diverse log sources in QRadar SIEM to identify compromised systems, detect malicious tools, and reconstruct the sequence of attack events.

Reconstruct a network intrusion by analyzing PCAP traffic with Wireshark, identifying a CVE-2003-0533 exploit, extracting malware, and performing shellcode analysis with scdbg to uncover attacker techniques and IOCs.

Analyze Linux system artifacts, including memory dumps and logs, with Volatility and FTK Imager to reconstruct an attack and identify IOCs.

Investigate network attack artifacts by analyzing logs in Kibana to identify compromised systems and incident timelines.

Reconstruct a data exfiltration incident by correlating memory, disk, network, and log artifacts using a suite of forensic tools.

Evaluate forensic artifacts from a disk image to confirm unauthorized port scanning and assess user intent for installing illegal applications.

Reconstruct a multi-stage attack by analyzing network traffic, cracking credentials, and reverse engineering malware using Wireshark, John the Ripper, and IDA Pro to identify persistence and C2 commands.

Reconstruct multi-stage attack scenarios by analyzing Splunk logs and integrating OSINT from VirusTotal, ThreatCrowd, and WHOXY to identify TTPs and IOCs.

When a "candidate" submits a resume that’s more than it seems, it’s up to you to hunt through the artifacts, reconstruct the infection chain, and stop a data breach in its tracks.

Analyze network traffic to reconstruct a complete domain compromise attack chain, from AS-REP Roasting and Kerberoasting through privilege escalation, lateral movement, and data exfiltration using rclone.