CyberDefenders: RevealFor this investigation, we will be analyzing a memory dump from a compromised device. We will primarily investigate the process tree and command line artifacts to determine the source of the malicious activity.2024-11-05
CyberDefenders: Volatilty TracesWe've been tasked with performing memory analysis of a compromised endpoint to determine what activities were carried out by the malware. We will be analyzing the execution chain, tactics, and the responsible user account.2024-10-30
TryHackMe: Hunt Me II: Typo SquattersIn Hunt Me 2 we'll be querying ELK for artifacts left by the attacker. We'll utilize process IDs and Sysmon Event IDs to identify the execution chain and determine what user accounts were targeted and the scope of the impact.2024-10-18
TryHackMe: Hunt Me I: Payment CollectorsFor this task, we've been charged with analyzing an endpoint compromised by a malicious email attachment. We'll utilize ELK to hunt through Windows Event Logs for indicators of enumeration, malicious activity, and data exfiltration.2024-10-07
TryHackMe: Boogeyman 3The boogeyman is back yet again. This time we'll be analyzing the attack chain via ELK to determine what attacks were carried out, what credentials were stolen, and which systems were targeted.2024-10-02
TryHackMe: Boogeyman 2The boogeyman is back, and we've been tasked with analyzing a malicious document, analyzing its payload stages, and analyzing a memory capture of the infected endpoint.2024-09-23
TryHackMe: Boogeyman 1For this challenge, we are tasked with analyzing an email attachment and determining what malicious activities were performed by the malware. We will need to analyze powershell execution and network activity.2024-09-11
BlueTeamLabs: DefacedIn this challenge, we've been tasked with analyzing Apache logs to uncover what an attacker did before defacing the victim's website. We're given access to an ELK instance to perform our investigation.2024-09-05
TryHackMe: SlingshotSlingshot challenges us to investigate a compromised web server, using ELK, to discover a web-based attack. We're tasked with determining vulnerability exploitation, account compromise, and data exfiltration.2024-09-03
BlueTeamLabs: CountdownFor this challenge, we've been tasked with investigating a disk image to find evidence of a gang's planned attack. We'll use Autopsy and ThumbCache Viewer to uncover the gang's plans and target.2024-08-22