cyberdefenders

Description A user thought they were downloading the SysInternals tool suite and attempted to open it, but the tools did not launch and became inaccessible. Since then, the user has observed that their system has gradually slowed down and become less responsive. Challenge Link : https://cyberdefenders.org/blueteam-ctf-challenges/55 Supportive Tools: Registry Explorer Event Log Explorer AppCompatCachParser VirsuTotal Web Cache View FTK Imager Autopsy Writeup Q1 1: What was the malicious executable file name that the user downloaded?...

Description This image was captured from an iPhone of a user who likes to play video games, especially Minecraft, and communicates with friends. But is this user doing something they shouldn't be?. We need to identify any kind of anomaly behavior done by this user. Challenge Link : https://cyberdefenders.org/blueteam-ctf-challenges/96 Supportive Tools: CyberChef iLEAPP dcode DB Browser for SQLite unfurl MacForensics PList Deserializer Writeup Q1 1: Personal List! -> How many items were on Patrick's shopping list?...

Description Recently, we have seen a resurgence of Excel-based malicous office documents. Howerver, instead of using VBA-style macros, they are using older style Excel 4 macros. This changes our approach to analyzing these documents, requiring a slightly different set of tools. In this challenge, you'll get hands-on with two documents that use Excel 4.0 macros to perform anti-analysis and download the next stage of the attack. Challenge Link : https://cyberdefenders....

Description This Ubuntu Linux honeypot was put online in Azure in early October to watch what happens with those exploiting CVE-2021-41773. Initially, there was a large number of crypto miners that hit the system. You will see one cron script meant to remove files named kinsing in /tmp. This was a way of preventing these miners so more interesting things could occur. Challenge Files: sdb.vhd.gz VHD of the main drive obtained through an Azure disk snapshot ubuntu....

Description A Linux server was possibly compromised and a forensic analysis is required in order to understand what really happened. Hard disk dumps and memory snapshots of the machine are provided in order to solve the challenge. Challenge Files: victoria-v8.kcore.img: memory dump done by dd’ing /proc/kcore. victoria-v8.memdump.img: memory dump done with memdump. Debian5_26.zip: volatility custom Linux profile. Challenge Link : https://cyberdefenders.org/labs/41 Supportive Tools: Volatilty 2.6 FTK imger HxD Writeup Q1 The attacker was performing a Brute Force attack....