DFIR

Ryuk is a ransomware which encrypts its victim’s files and asks for a ransom via bitcoin to release the original files. It is has been observed being used to attack companies or professional environments. Cybersecurity experts figured out that Ryuk and Hermes ransomware shares pieces of codes. Hermes is commodity ransomware that has been observed for sale on dark-net forums and used by multiple threat actors. And I am going to do some analysis form a forensics perspective...

Description Company X has contacted you to perform forensics work on a recent incident that occurred. One of their employees had received an e-mail from a co-worker that pointed to a PDF file. Upon opening, the employee did not notice anything; however, they recently had unusual activity in their bank account. The initial theory is that a user received an e-mail, containing an URL leading to a forged PDF document....

Lab Challenge link difficulty Writeup link Lab 1 Beginner’s Luck Easy Lab 1 Lab 2 A New World Easy Lab 2 Lab 3 The Evil’s Den Easy - Medium Lab 3 Lab 4 Obsession Medium Lab 4 Lab 5 Black Tuesday Medium - Hard Lab 5 Lab 6 The Reckoning Hard Lab 6 Challenge description My sister's computer crashed. We were very fortunate to recover this memory dump. Your job is get all her important files from the system....

Lab Challenge link difficulty Writeup link Lab 1 Beginner’s Luck Easy Lab 1 Lab 2 A New World Easy Lab 2 Lab 3 The Evil’s Den Easy - Medium Lab 3 Lab 4 Obsession Medium Lab 4 Lab 5 Black Tuesday Medium - Hard Lab 5 Lab 6 The Reckoning Hard Lab 6 Challenge description One of the clients of our company, lost the access to his system due to an unknown error....

Lab Challenge link difficulty Writeup link Lab 1 Beginner’s Luck Easy Lab 1 Lab 2 A New World Easy Lab 2 Lab 3 The Evil’s Den Easy - Medium Lab 3 Lab 4 Obsession Medium Lab 4 Lab 5 Black Tuesday Medium - Hard Lab 5 Lab 6 The Reckoning Hard Lab 6 Challenge description A malicious script encrypted a very secret piece of information I had on my system....