Black Hat Finals: Digital Forensics Challenge – Day 1

There was no level for each challenge, so I am going to rate them as I found them. Day 1: InfectedWires. Details. Description: During a routine compromise assessment, a network capture was collected for analysis. As part of the assessment team, your task is to examine the PCAP and determine if signs of compromise exist. Level: Easy. Challenge Link: Download Challenge. Password: NLkEqTsGsYVbijpG97ec. Writeup: The investigation began with the review of a 1....

December 14, 2025 · 15 min · MMOX

CyCTF2025 Qual DFIR Official writeup

DokDok Challenge Overview. Name: DokDok. Level: Easy. Link: docker pull mmox/dokdok. Scenario: A CyAPT group abused a public Docker image to stage a quick web deployment and drop a memory-resident miner. The attacker attempted to cover their tracks by removing the payload after installation. Your job is to recover evidence from the image layers and answer three questions: the attacker wallet address (Ethereum-style 0x...); the cryptocurrency balance remaining in that wallet; the malware group name (APT name). Flag format:...

November 8, 2025 · 9 min · MMOX, Anne, Mokey, Samer

Important Event IDs for SOC Analysts

Important Event IDs for SOC Analysts. System Log Event IDs. Service Control Manager Events: Event ID 7000: The service failed to start due to the following error…; Event ID 7001: The service depends on the service which failed to start…; Event ID 7034: The service terminated unexpectedly…; Event ID 7040: The start type of the service was changed from…; Event ID 7045: A service was installed in the system. System Shutdown and Startup Events: Event ID 6005: The Event Log service was started....

November 18, 2024 · 5 min · MMOX

DFIR & SOC - Roadmap (From Zero To Hero)

SOC & DFIR Roadmap. Last Modification Date: 6 Sep 2024. Introduction: I know, you’ve seen countless roadmaps for starting a cybersecurity career. But let’s face it: any path can get you there if you stick with it. Here’s my suggested route to help you stay on track and avoid getting lost. Zero Level: Building the Foundation. If you’re starting out in cybersecurity, you’ve probably heard you need to know a bit of everything....

August 28, 2024 · 9 min · MMOX, Dee

Let's Defend - PCAP Analysis

Description: We captured this traffic from P13's computer, so can you help him? Tools: 1- Wireshark 2- OSINT Tools 3- Reverse engineering 4- Python scripting. Writeup, Q1: In this challenge I got a network capture, so let’s open it and investigate that traffic. As we can see there are 25,262 packets, so let’s filter the streams to the TCP protocol and check if there is anything suspicious. Okay, we got stream 7780, so let’s check the whole stream and find something interesting....

February 12, 2024 · 4 min · MMOX