Description Our friend fell victim to a suspicious crack tool. but it seems it didn't goes in the right path so investigate it to find any evidence. Tools Tools Required 1- Volatility 2- Notepad++ 3- VirusTotal or VM. 4- Linux Command Line Writeup Q1 How many users are on the machine? In this question we can use filescan then grep the Users and sort them and find the uniq...
Description Our friend fell victim to a ransomware attack and reached out to seek your expertise in analyzing the system to uncover the cause of the breach. We have provided you with a memory dump of his computer as the starting point for your investigation. Tools Tools Required 1- Volatility 2- Notepad++ 3- VirusTotal or VM. Writeup Q1 What is the dump profile? Well by checking the file we got it’s a memory dump so we are going to use volatility in this case for our investigations....
Description A user thought they were downloading the SysInternals tool suite and attempted to open it, but the tools did not launch and became inaccessible. Since then, the user has observed that their system has gradually slowed down and become less responsive. Challenge Link : https://cyberdefenders.org/blueteam-ctf-challenges/55 Supportive Tools: Registry Explorer Event Log Explorer AppCompatCachParser VirsuTotal Web Cache View FTK Imager Autopsy Writeup Q1 1: What was the malicious executable file name that the user downloaded?...
Description This Ubuntu Linux honeypot was put online in Azure in early October to watch what happens with those exploiting CVE-2021-41773. Initially, there was a large number of crypto miners that hit the system. You will see one cron script meant to remove files named kinsing in /tmp. This was a way of preventing these miners so more interesting things could occur. Challenge Files: sdb.vhd.gz VHD of the main drive obtained through an Azure disk snapshot ubuntu....
Description A Linux server was possibly compromised and a forensic analysis is required in order to understand what really happened. Hard disk dumps and memory snapshots of the machine are provided in order to solve the challenge. Challenge Files: victoria-v8.kcore.img: memory dump done by dd’ing /proc/kcore. victoria-v8.memdump.img: memory dump done with memdump. Debian5_26.zip: volatility custom Linux profile. Challenge Link : https://cyberdefenders.org/labs/41 Supportive Tools: Volatilty 2.6 FTK imger HxD Writeup Q1 The attacker was performing a Brute Force attack....