BlueTeamLabs: Countdown (2024-08-22)
For this challenge, we've been tasked with investigating a disk image to find evidence of a gang's planned attack. We'll use Autopsy and ThumbCache Viewer to uncover the gang's plans and target.

NICE: Firewall Update: Tables for Two (2024-08-20)
For this challenge, we've been tasked with migrating systems to use the nftables firewall. We will need to enable the service, configure the rules, and enable logging on the Domain Controller.

BlueTeamLabs: Winter Stew 2023 (2024-08-16)
For this challenge we'll be using Wireshark to investigate whether an endpoint has been compromised, the types of scans conducted, and which ports were open, and to identify login attempts.

TryHackMe: Tempest (2024-08-13)
In this challenge we will be analyzing Sysmon logs and a PCAP to uncover the actions taken by a threat actor throughout several stages of the Cyber Kill Chain.
NICE: Least Privilege Put Offs (2024-08-11)
In this NICE challenge we're tasked with creating OUs, assigning various permissions and GPOs, and configuring basic ACLs on a Linux fileshare.
LetsDefend: PDFURI (2024-08-08)
PDFURI tasks us with performing disk forensics and analyzing artifacts with various tools, such as FTK Imager, Event Viewer, PDFStreamDumper, and DB Browser.

LetsDefend: Malicious Web Traffic Analysis (2024-08-07)
In this challenge, we'll be analyzing a pcap to identify various attacks against a webserver.

LetsDefend: Linux Memory Forensics (2024-07-26)
We've been tasked with analyzing the memory capture of a compromised device to find various IOCs and pieces of evidence, including the attacker's reverse shell, IP address, and location.

LetsDefend: Windows Memory Dump (2024-07-24)
For this challenge we've been tasked with determining which user downloaded a malicious crack tool, where the file was downloaded, and what actions were taken by the second-stage payload.

LetsDefend: Memory Analysis (2024-07-22)
For this challenge we've been tasked with finding the malicious process running on a compromised endpoint and determining which user is responsible. This write-up includes instructions for Volatility 2 and the corresponding commands for Volatility 3.