SibaSec

CyberDefenders: Reveal

For this investigation, we will be analyzing a memory dump from a compromised device. We will primarily investigate the process tree and command line artifacts to determine the source of the malicious activity.

2024-11-05

CyberDefenders: Volatilty Traces

We've been tasked with performing memory analysis of a compromised endpoint to determine what activities were carried out by the malware. We will be analyzing the execution chain, tactics, and the responsible user account.

2024-10-30

TryHackMe: Hunt Me II: Typo Squatters

In Hunt Me 2 we'll be querying ELK for artifacts left by the attacker. We'll utilize process IDs and Sysmon Event IDs to identify the execution chain and determine what user accounts were targeted and the scope of the impact.

2024-10-18

TryHackMe: Hunt Me I: Payment Collectors

For this task, we've been charged with analyzing an endpoint compromised by a malicious email attachment. We'll utilize ELK to hunt through Windows Event Logs for indicators of enumeration, malicious activity, and data exfiltration.

2024-10-07

TryHackMe: Boogeyman 3

The boogeyman is back yet again. This time we'll be analyzing the attack chain via ELK to determine what attacks were carried out, what credentials were stolen, and which systems were targeted.

2024-10-02

TryHackMe: Boogeyman 2

The boogeyman is back, and we've been tasked with analyzing a malicious document, analyzing its payload stages, and analyzing a memory capture of the infected endpoint.

2024-09-23

TryHackMe: Boogeyman 1

For this challenge, we are tasked with analyzing an email attachment and determining what malicious activities were performed by the malware. We will need to analyze powershell execution and network activity.

2024-09-11

BlueTeamLabs: Defaced

In this challenge, we've been tasked with analyzing Apache logs to uncover what an attacker did before defacing the victim's website. We're given access to an ELK instance to perform our investigation.

2024-09-05

TryHackMe: Slingshot

Slingshot challenges us to investigate a compromised web server, using ELK, to discover a web-based attack. We're tasked with determining vulnerability exploitation, account compromise, and data exfiltration.

2024-09-03

BlueTeamLabs: Countdown

For this challenge, we've been tasked with investigating a disk image to find evidence of a gang's planned attack. We'll use Autopsy and ThumbCache Viewer to uncover the gang's plans and target.

2024-08-22