• Tags
3Cs
7Ps
Achievements
Agriculture
AI
Air Batteries
Aluminium
Analysis
Android
APIs
App
Arduino
Argument
Attitude
Autonomous Vehicles
AWS
Azure
Batteries
Biases
Biochar
Blue Team Labs Online
Bonds
Book Summary
Bookmarks
Books
Boookmarklets
Buildings
Business
Business Analysis
Business Intelligence
Business Model
Business Model Canvas
Business Models
CAES
Capital
Carbon
Carbon Capture
Cars
Case Study
CCUS
Certifications
CFI
ChatGPT
Chemistry
China
Circular Economy
Classification
Climate
Cloud
Clustering
CO2
CODESYS
Communities
Compassion
Competitor Analysis
Compressed CO2
Computing
Conference Talk
Connected Vehicles
Construction
Consulting
Consumption
Contemplation
Contemplations
Corporate Finance
Cost-Benefit Analysis
Coursera
Courses
CPD
Creativity
Crisis
Customer Analysis
CyberDefenders
Cycles
DAC
Data Analysis
Data Science
Data Visualisation
Dating
Debt
Desertec
Design
Digital Forensics
Distributed Energy
Distribution Networks
Docker
E-Bikes
E-Scooters
Economic Cycles
Education
EdX
Efficiency
Electric Vehicles
Electricity
Electrification
Electrochemical Batteries
Emissions
Emotions
EndMyopia
Energy
Energy Storage
Entomophagy
Entrepreneurship
EVs
Eyesight
Family
Farming
Farnam Street
FastAPI
Fears
Finance
Flask
Flow Batteries
Food
Future
Geology
Geopolitics
GMAT
Go-to-Market
Green
Greenwashing
Grid Storage
Growth
Growth Strategy
Happiness
Health
Heat Pumps
Hobbies
Housing
Human Nature
Humanity
Hydrogen
IEA
Industry Analysis
Innovation
Insects
Internet
IT
JavaScript
Journalling
Korea
Korean
LAES
Languages
Learning
LinkedIn
Lithium
Living
LLMs
Logical Fallacies
Logistics
London
M&A
Market Entry
Market Research
Market Strategy
Marketing
Markets
Massless Batteries
Maths
MECE
Mechanical Batteries
Media
Meditation
Memories
Mental Blindspots
Mental Health
Mental Models
Micromobility
Mindset
Mobility
Modelling
Molten Metal
Molten Salt
Motivation
Motorbikes
Myopia
Natural Language Processing
Networking
Oceans
Oil
Open University
OpenPLC
Operational Technology
Opportunity
Opportunity Cost
Personal Development
Personalities
Plants
Plastic
Policy
Politics
Pollution
Porter's Five Forces
Product Analysis
Product Design
Product Management
Productivity
Projects
Psychology
Public Transport
Pumped Hydro
Purchase Analytics
Python
Random Forest
Reasoning
Recycling
Regex
Regression
Relationships
Renewable Energy
Sales
Samsara
Sand Batteries
Scooters
Scripting
Security Monitoring
Segmentation
Sentiment Analysis
Sex
Shared Mobility
Silver
Society
Sodium
Solar
SQL
STEEPLE
Stocks
Strategy
Structure
Success
Supply Chain
Sustainability
SWOT
Theories
Thermal Batteries
Thoughts
Time Management
Time Series
Traffic
Transmission Networks
Trauma
Travel
Trees
TryHackMe
V2G
Valuation
Value Chain
Value Proposition
Value Proposition Canvas
Vanadium
Vertical Farming
War
Water Batteries
Wealth
Wind
Work
YouTube
Zinc Bromine
한국어
한국어로

Network Analysis - Web Shell

https://blueteamlabs.online/home/challenge/12 Contents Contents Introduction Questions What is the IP responsible for conducting the port scan activity? What is the port range scanned by the suspicious host? What is the type of port scan conducted? Two more tools were used to perform reconnaissance against open ports, what were they? What is the name of the php file through which the attacker uploaded a web shell? What is the name of the web shell that the attacker uploaded? What is the parameter used in the web shell for executing commands? What is the first command executed by the attacker? What is the type of shell connection the attacker obtains through command execution? What is the port he uses for the shell connection? Comments? Introduction The SOC received an alert in their SIEM for ‘Local to Local Port Scanning’ where an internal private IP began scanning another internal system. Can you investigate and determine if this activity is malicious or not? You have been provided a PCAP, investigate using any tools you wish.

• Blue Team Labs Online

Monday, September 6, 2021 | 6 minutes Read

Log Analysis - Privilege Escalation

https://blueteamlabs.online/home/challenge/4 Contents Introduction Questions What user (other than ‘root’) is present on the server? What script did the attacker try to download to the server? What packet analyzer tool did the attacker try to use? What file extension did the attacker use to bypass the file upload filter implemented by the developer? Based on the commands run by the attacker before removing the php shell, what misconfiguration was exploited in the ‘python’ binary to gain root-level access? 1- Reverse Shell ; 2- File Upload ; 3- File Write ; 4- SUID ; 5- Library load Introduction A server with sensitive data was accessed by an attacker and the files were posted on an underground forum. This data was only available to a privileged user, in this case the ‘root’ account. Responders say ‘www-data’ would be the logged in user if the server was remotely accessed, and this user doesn’t have access to the data. The developer stated that the server is hosting a PHP-based website and that proper filtering is in place to prevent php file uploads to gain malicious code execution. The bash history is provided to you but the recorded commands don’t appear to be related to the attack. Can you find what actually happened?

• Blue Team Labs Online

Monday, August 9, 2021 | 3 minutes Read

Memory Analysis - Ransomware

https://blueteamlabs.online/home/challenge/1 Introduction Questions Run “vol.py -f infected.vmem –profile=Win7SP1x86 psscan” that will list all processes. What is the name of the suspicious process? What is the parent process ID for the suspicious process? What is the initial malicious executable that created this process? If you drill down on the suspicious PID (vol.py -f infected.vmem –profile=Win7SP1x86 psscan | grep (PIDhere)), find the process used to delete files Find the path where the malicious file was first executed Can you identify what ransomware it is? What is the filename for the file with the ransomware public key that was used to encrypt the private key? Comments? Introduction The Account Executive called the SOC earlier and sounds very frustrated and angry. He stated he can’t access any files on his computer and keeps receiving a pop-up stating that his files have been encrypted. You disconnected the computer from the network and extracted the memory dump of his machine and started analyzing it with Volatility. Continue your investigation to uncover how the ransomware works and how to stop it!

• Blue Team Labs Online

Monday, July 12, 2021 | 5 minutes Read

The Planet's Prestige (Email and Attachment Analysis)

https://blueteamlabs.online/home/challenge/10 What is the email service used by the malicious actor? What is the Reply-To email address? What is the filetype of the received attachment which helped to continue the investigation What is the name of the malicious actor? What is the location of the attacker in this Universe? What could be the probable C2 domain to control the attacker’s autonomous bots? What is the email service used by the malicious actor? Open the email in your favourite text editor (VSCode). The Received field tells you which server an email came from.

• Blue Team Labs Online

Sunday, June 20, 2021 | 3 minutes Read

Malicious PowerShell Analysis

https://blueteamlabs.online/home/challenge/7 Open the file Decode the file Deobfuscating the script Spacing Fillers Chars Variables Format Strings Replaces Splits Questions What security protocol is being used for the communication with a malicious domain? What directory does the obfuscated PowerShell create? (Starting from \HOME) What file is being downloaded (full name)? What is used to execute the downloaded file? What is the domain name of the URI ending in ‘/6F2gd/’ Based on the analysis of the obfuscated code, what is the name of the malware? Open the file Let’s open the text file in a text editor (I like VSCodium) and see what we’re dealing with.

• Blue Team Labs Online

Sunday, May 16, 2021 | 4 minutes Read