SibaSec

LetsDefend: Compromised Chat Server

For this challenge, we will use Wireshark to analyze the exploitation of CVE-2023-32315. We will apply various filters to keep our investigation focused on suspicious activities and to pivot on our findings.

2024-11-14

CyberDefenders: Reveal

For this investigation, we will be analyzing a memory dump from a compromised device. We will primarily investigate the process tree and command line artifacts to determine the source of the malicious activity.

2024-11-05

CyberDefenders: Volatility Traces

We've been tasked with performing memory analysis of a compromised endpoint to determine what activities were carried out by the malware. We will be analyzing the execution chain, tactics, and the responsible user account.

2024-10-30

TryHackMe: Hunt Me II: Typo Squatters

In Hunt Me 2, we'll be querying ELK for artifacts left by the attacker. We'll utilize process IDs and Sysmon Event IDs to identify the execution chain and determine what user accounts were targeted and the scope of the impact.

2024-10-18

TryHackMe: Hunt Me I: Payment Collectors

For this task, we've been charged with analyzing an endpoint compromised by a malicious email attachment. We'll utilize ELK to hunt through Windows Event Logs for indicators of enumeration, malicious activity, and data exfiltration.

2024-10-07

TryHackMe: Boogeyman 3

The boogeyman is back yet again. This time we'll be analyzing the attack chain via ELK to determine what attacks were carried out, what credentials were stolen, and which systems were targeted.

2024-10-02

TryHackMe: Boogeyman 2

The boogeyman is back, and we've been tasked with analyzing a malicious document, its payload stages, and a memory capture of the infected endpoint.

2024-09-23

TryHackMe: Boogeyman 1

For this challenge, we are tasked with analyzing an email attachment and determining what malicious activities were performed by the malware. We will need to analyze PowerShell execution and network activity.

2024-09-11

BlueTeamLabs: Defaced

In this challenge, we've been tasked with analyzing Apache logs to uncover what an attacker did before defacing the victim's website. We're given access to an ELK instance to perform our investigation.

2024-09-05

TryHackMe: Slingshot

Slingshot challenges us to investigate a compromised web server, using ELK, to discover a web-based attack. We're tasked with determining vulnerability exploitation, account compromise, and data exfiltration.

2024-09-03