Blue Team Labs
Put your knowledge into practice with gamified cyber security challenges.

T1584.004
Threat Intel
easy
Apply MISP to manage security events, create attributes, and integrate threat intelligence from data feeds.

T1583.002
Threat Intel
easy
Analyze a malware campaign using MISP to identify communication patterns and extract key indicators of compromise (IOCs), including malware family and file hashes.

BYOD Breach
Endpoint Forensics
medium
Correlate Android and Windows forensic artifacts, including logs and malware analysis, to reconstruct a multi-stage BYOD breach from initial access to persistence.

MBuchus
Threat Intel
medium
Utilize OSINT, VirusTotal, and crt.sh to analyze a multi-stage malvertising campaign, identifying initial access, malware payloads, and attacker infrastructure.

Beta Gamer
Endpoint Forensics
medium
Reconstruct an intrusion timeline by analyzing event logs, registry, file system, and network artifacts to identify attacker TTPs and data exfiltration.

TheTruth
Endpoint Forensics
medium
Reconstruct an Android attack timeline using forensic artifacts to identify RatMilad malware, extract its C2, and attribute a fraudulent transaction.

TeamCity Exploit - APT29
Threat Hunting
insane
Correlate Splunk logs and host forensic artifacts from triage images to reconstruct a multi-stage TeamCity compromise and identify attacker TTPs.