DFIR

DokDok Challenge Overview Name: DokDok Level: Easy Link: docker pull mmox/dokdok Scenario A CyAPT group abused a public Docker image to stage a quick web deployment and drop a memory-resident miner. The attacker attempted to cover their tracks by removing the payload after installation. Your job is to recover evidence from the image layers and answer three questions: Attacker wallet address (Ethereum-style 0x...) Cryptocurrency balance remaining in that wallet Malware group name (APT name) Flag format:...

Important Event IDs for SOC Analysts System Log Event IDs Service Control Manager Events Event ID 7000: The service failed to start due to the following error… Event ID 7001: The service depends on the service which failed to start… Event ID 7034: The service terminated unexpectedly… Event ID 7040: The start type of the service was changed from… Event ID 7045: A service was installed in the system. System Shutdown and Startup Events Event ID 6005: The Event Log service was started....

SOC & DFIR Roadmap Last Modification Date: 6 Sep 2024 Introduction I know, you’ve seen countless roadmaps for starting a cybersecurity career. But let’s face it: any path can get you there if you stick with it. Here’s my suggested route to help you stay on track and avoid getting lost. Zero Level: Building the Foundation If you’re starting out in cybersecurity, you’ve probably heard you need to know a bit of everything....

Description We captured this traffic from P13's computer so can you help him? Tools 1- Wireshark 2- OSINT Tools 3- Reverse engineering 4- Python scripting Writeup Q1 in this challenge I got a network traffic. so let’s openit and investigate that traffics. As we can see there are 25,262 packets so let’s filter the streams to TCP protocols and check if there is anything suspicious. Okay got 7780 stream so let’s check the whole stream and find something interesting....

Description The victim found out their private info was out there for everyone to see, and things got worse – the bad guys got into their money stuff, social media, and personal emails. We got an image of his machine so you can tell us what happened. Tools Tools Required 1- FTKimger 2- Notepad++ 3- DB Browser for SQLite Writeup From the challenge description, we can see that the victim’s PII was stolen....