Public benchLIVE

What's on the bench.

5,040
Artifacts
26
Industries
18
Reads / week

All artifacts

5040
Industry
SKILL0

Analyzing Ransomware Encryption Mechanisms

Analyzes encryption algorithms, key management, and file encryption routines used by ransomware families to assess decryption feasibility, identify implementation weaknesses, and support recovery efforts. Covers AES, RSA, ChaCha20, and hybrid encryption schemes. Activates for requests involving ransomware cryptanalysis, encryption analysis, key recovery assessment, or ransomware decryption feasibility.

cybersecurity-soc+1
0
SKILL0

Analyzing Prefetch Files For Execution History

Parse Windows Prefetch files to determine program execution history including run counts, timestamps, and referenced files for forensic investigation.

cybersecurity-soc
0
SKILL0

Analyzing Powershell Empire Artifacts

Detect PowerShell Empire framework artifacts in Windows event logs by identifying Base64 encoded launcher patterns, default user agents, staging URL structures, stager IOCs, and known Empire module signatures in Script Block Logging events.

cybersecurity-soc
0
SKILL0

Analyzing Persistence Mechanisms In Linux

Detect and analyze Linux persistence mechanisms including crontab entries, systemd service units, LD_PRELOAD hijacking, bashrc modifications, and authorized_keys backdoors using auditd and file integrity monitoring

cybersecurity-soc
0
SKILL0

Analyzing PDF Malware With Pdfid

Analyzes malicious PDF files using PDFiD, pdf-parser, and peepdf to identify embedded JavaScript, shellcode, exploits, and suspicious objects without opening the document. Determines the attack vector and extracts embedded payloads for further analysis. Activates for requests involving PDF malware analysis, malicious document analysis, PDF exploit investigation, or suspicious attachment triage.

cybersecurity-soc
0
SKILL0

Analyzing Packed Malware With Upx Unpacker

Identifies and unpacks UPX-packed and other packed malware samples to expose the original executable code for static analysis. Covers both standard UPX unpacking and handling modified UPX headers that prevent automated decompression. Activates for requests involving malware unpacking, UPX decompression, packer removal, or preparing packed samples for analysis.

cybersecurity-soc
0
SKILL0

Analyzing Outlook Pst For Email Forensics

Analyze Microsoft Outlook PST and OST files for email forensic evidence including message content, headers, attachments, deleted items, and metadata using libpff, pst-utils, and forensic email analysis tools for legal investigations and incident response.

cybersecurity-soc
0
SKILL0

Analyzing Network Traffic For Incidents

Analyzes network traffic captures and flow data to identify adversary activity during security incidents, including command-and-control communications, lateral movement, data exfiltration, and exploitation attempts. Uses Wireshark, Zeek, and NetFlow analysis techniques. Activates for requests involving network traffic analysis, packet capture investigation, PCAP analysis, network forensics, C2 traffic detection, or exfiltration detection.

cybersecurity-soc
0
SKILL0

Analyzing Network Packets With Scapy

Craft, send, sniff, and dissect network packets using Scapy for protocol analysis, network reconnaissance, and traffic anomaly detection in authorized security testing

cybersecurity-soc
0
SKILL0

Analyzing Network Flow Data With Netflow

Parse NetFlow v9 and IPFIX records to detect volumetric anomalies, port scanning, data exfiltration, and C2 beaconing patterns. Uses the Python netflow library to decode flow records, builds traffic baselines, and applies statistical analysis to identify flows with abnormal byte counts, connection durations, and periodic timing patterns.

cybersecurity-soc
0
SKILL0

Analyzing Network Covert Channels In Malware

Detect and analyze covert communication channels used by malware including DNS tunneling, ICMP exfiltration, steganographic HTTP, and protocol abuse for C2 and data exfiltration.

cybersecurity-soc
0
SKILL0

Analyzing Mft For Deleted File Recovery

Analyze the NTFS Master File Table ($MFT) to recover metadata and content of deleted files by examining MFT record entries, $LogFile, $UsnJrnl, and MFT slack space using MFTECmd, analyzeMFT, and X-Ways Forensics.

cybersecurity-soc
0
SKILL0

Analyzing Memory Dumps With Volatility

Analyzes RAM memory dumps from compromised systems using the Volatility framework to identify malicious processes, injected code, network connections, loaded modules, and extracted credentials. Supports Windows, Linux, and macOS memory forensics. Activates for requests involving memory forensics, RAM analysis, volatile data examination, process injection detection, or memory-resident malware investigation.

cybersecurity-soc
0
SKILL0

Analyzing Malware Sandbox Evasion Techniques

Detect sandbox evasion techniques in malware samples by analyzing timing checks, VM artifact queries, user interaction detection, and sleep inflation patterns from Cuckoo/AnyRun behavioral reports

cybersecurity-soc
0
SKILL0

Analyzing Malware Persistence With Autoruns

Use Sysinternals Autoruns to systematically identify and analyze malware persistence mechanisms across registry keys, scheduled tasks, services, drivers, and startup locations on Windows systems.

cybersecurity-soc
0
SKILL0

Analyzing Malware Family Relationships With Malpedia

Use the Malpedia platform and API to research malware family relationships, track variant evolution, link families to threat actors, and integrate YARA rules for detection across malware lineages.

cybersecurity-soc
0
SKILL0

Analyzing Malware Behavior With Cuckoo Sandbox

Executes malware samples in Cuckoo Sandbox to observe runtime behavior including process creation, file system modifications, registry changes, network communications, and API calls. Generates comprehensive behavioral reports for malware classification and IOC extraction. Activates for requests involving dynamic malware analysis, sandbox detonation, behavioral analysis, or automated malware execution.

cybersecurity-soc
0
SKILL0

Analyzing Malicious URL With Urlscan

URLScan.io is a free service for scanning and analyzing suspicious URLs. It captures screenshots, DOM content, HTTP transactions, JavaScript behavior, and network connections of web pages in an isolat

cybersecurity-soc
0
SKILL0

Analyzing Malicious PDF With Peepdf

Perform static analysis of malicious PDF documents using peepdf, pdfid, and pdf-parser to extract embedded JavaScript, shellcode, and suspicious objects.

cybersecurity-soc
0
SKILL0

Analyzing Macro Malware In Office Documents

Analyzes malicious VBA macros embedded in Microsoft Office documents (Word, Excel, PowerPoint) to identify download cradles, payload execution, persistence mechanisms, and anti-analysis techniques. Uses olevba, oledump, and VBA deobfuscation to extract the attack chain. Activates for requests involving Office macro analysis, VBA malware investigation, maldoc analysis, or document-based threat examination.

cybersecurity-soc
0
SKILL0

Analyzing Lnk File And Jump List Artifacts

Analyze Windows LNK shortcut files and Jump List artifacts to establish evidence of file access, program execution, and user activity using LECmd, JLECmd, and manual binary parsing of the Shell Link Binary format.

cybersecurity-soc
0
SKILL0

Analyzing Linux System Artifacts

Examine Linux system artifacts including auth logs, cron jobs, shell history, and system configuration to uncover evidence of compromise or unauthorized activity.

cybersecurity-soc
0
SKILL0

Analyzing Linux Kernel Rootkits

Detect kernel-level rootkits in Linux memory dumps using Volatility3 linux plugins (check_syscall, lsmod, hidden_modules), rkhunter system scanning, and /proc vs /sys discrepancy analysis to identify hooked syscalls, hidden kernel modules, and tampered system structures.

cybersecurity-soc+1
0
SKILL0

Analyzing Linux Elf Malware

Analyzes malicious Linux ELF (Executable and Linkable Format) binaries including botnets, cryptominers, ransomware, and rootkits targeting Linux servers, containers, and cloud infrastructure. Covers static analysis, dynamic tracing, and reverse engineering of x86_64 and ARM ELF samples. Activates for requests involving Linux malware analysis, ELF binary investigation, Linux server compromise assessment, or container malware analysis.

cybersecurity-soc
0

Want your own bench?

Free for crews of 5. Connect your team in minutes.

Sign up free