l337 S4uc3
Info
Category : Digital Forensics, Incident Response
SHA1SUM : 94ac99ef544086f0be9f5f6b00ae1a0834b0027b
Published : Nov. 16, 2021
Author : Wyatt Roersma
Size : 117 MB
Tags : Wireshark, PCAP, Memory, Network
Uncompress the challenge (pass: cyberdefenders.org)
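Every entry on this page lists a SHA1SUM for its download, and that digest should be confirmed before the archive is unpacked or anything inside it is treated as evidence. The following is an added example, not code from the CyberDefenders page: it parses an Info entry (whether joined onto one line, as the extraction presents it, or split one field per line) to pull out the expected digest, then streams the local file through SHA-1 and compares. The function names are my own, and the sample file written by self_check() is constructed here for demonstration.

```python
"""Integrity check for a downloaded challenge archive (added example)."""
import hashlib
import hmac
import os
import re
import tempfile

# Field labels used in this page's Info entries. "Authors?" matches both spellings.
_FIELD_RE = re.compile(r"\b(Category|SHA1SUM|Published|Authors?|Size|Tags)\s*:\s*")


def parse_info(text):
    """Split one Info entry into a dict keyed by its labels.

    Works on the flattened single-line form and on the one-field-per-line form,
    since the regex treats newlines as ordinary whitespace around the colon.
    """
    parts = _FIELD_RE.split(text)
    # re.split with a single capture group yields [prefix, key, value, key, value, ...]
    fields = {"name": parts[0].replace("Info", "").strip()}
    for key, value in zip(parts[1::2], parts[2::2]):
        fields["Author" if key == "Authors" else key] = value.strip()
    return fields


def sha1_file(path, chunk_size=1 << 20):
    """Hex SHA-1 of a file, streamed so a multi-GB memory dump need not fit in RAM."""
    h = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_sha1(path, expected):
    """True iff the file's SHA-1 equals `expected` (40 hex chars, any case).

    Rejects malformed digests up front so a copy-paste error is not reported
    as a corrupt download.
    """
    expected = expected.strip().lower()
    if not re.fullmatch(r"[0-9a-f]{40}", expected):
        raise ValueError("not a SHA-1 hex digest: %r" % expected)
    return hmac.compare_digest(sha1_file(path), expected)


def self_check():
    """Verify a constructed sample file against a known digest.

    SHA-1("abc") = a9993e364706816aba3e25717850c26c9cd0d89d (FIPS 180 test vector).
    Returns (match_on_correct_digest, match_on_wrong_digest).
    """
    good = "a9993e364706816aba3e25717850c26c9cd0d89d"
    bad = "0" * 40
    fd, path = tempfile.mkstemp(suffix=".zip")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(b"abc")  # constructed sample content, not a real archive
        return verify_sha1(path, good), verify_sha1(path, bad)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    # The l337 S4uc3 entry as printed on this page, joined onto one line.
    entry = parse_info(
        "l337 S4uc3 Info Category : Digital Forensics, Incident response "
        "SHA1SUM : 94ac99ef544086f0be9f5f6b00ae1a0834b0027b Published : Nov. 16, 2021 "
        "Author : Wyatt Roersma Size : 117 MB Tags : Wireshark PCAP Memory Network"
    )
    print(entry["name"], entry["SHA1SUM"])
    print(self_check())  # (True, False)
```

In practice you would call verify_sha1("l337S4uc3.zip", entry["SHA1SUM"]) on the actual download before extracting it with the listed password; a False result means re-download rather than start analysis.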
Scenario
Everyone has heard of targeted attacks. Detecting them is challenging; responding to them is even more so. This scenario tests your network and host-based analysis skills to work out the who, what, where, when, and how of this incident.
MrRobot
Info
Category : Digital Forensics
SHA1SUM : b8dab80336c37688f276bfbfac0ac1681398a30d
Published : May 18, 2022
Author : Wyatt Roersma
Size : 1.1 GB
Tags : PHISHING, WINDOWS, MEMORY, RAT
Scenario
An employee reported that his machine started to act strangely after receiving a suspicious email about a security update. The incident response team captured a couple of memory dumps from the suspected machines for further inspection. Analyze the dumps and help the IR team figure out what happened!
Seized
Info
Category : Digital Forensics
SHA1SUM : a2c209bb3c221bc70f3418e079e2a22db3cebc53
Published : May 28, 2022
Authors : 2phi and Nofix
Size : 162 MB
Tags : LINUX, MEMORY, CENTOS, ROOTKIT
Unzip the challenge (pass: cyberdefenders.org), investigate this case, and answer the provided questions.
Use the latest Volatility 2 release and place the attached Volatility profile “Centos7.3.10.1062.zip” under volatility/volatility/plugins/overlays/linux. Profile zips are a Volatility 2 mechanism; Volatility 3 does not read them and relies on symbol tables instead. After copying the zip, confirm the profile is registered with vol.py --info before running any plugin.
Scenario
Using Volatility, apply your memory analysis skills to investigate the provided Linux memory snapshots and work out the attack details.
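A Volatility 2 Linux profile is a zip holding the kernel's DWARF dump (module.dwarf) and its System.map, and Volatility 2 derives the name you pass to --profile from the zip's basename: "Linux" plus the basename with dots replaced by underscores plus "x86" or "x64". The following added example (mine, not code from the CyberDefenders page or the Volatility project) checks that a profile zip has both members and predicts that name before you copy it into the overlays directory named above. The 32/64-bit decision keys off the address width in System.map, which is this script's own heuristic rather than Volatility's exact logic, so confirm the registered name with vol.py --info. The function names are my own, and the sample zip built by build_sample_profile_zip() is constructed here with placeholder content, not real CentOS kernel data.

```python
"""Sanity-check a Volatility 2 Linux profile zip before installing it (added example)."""
import io
import os
import zipfile


def inspect_profile_zip(zip_source, zip_name=None):
    """Validate a profile zip and return the name Volatility 2 will register.

    zip_source: a path or a binary file object. zip_name: basename to use when
    zip_source is a file object (Volatility uses the on-disk filename).
    """
    if zip_name is None:
        zip_name = os.path.basename(zip_source)
    with zipfile.ZipFile(zip_source) as zf:
        names = zf.namelist()
        dwarf = [n for n in names if os.path.basename(n) == "module.dwarf"]
        sysmap = [n for n in names if os.path.basename(n).startswith("System.map")]
        if len(dwarf) != 1 or len(sysmap) != 1:
            raise ValueError(
                "profile zip must hold exactly one module.dwarf and one System.map, "
                "found %r" % names
            )
        first_line = zf.read(sysmap[0]).splitlines()[0].split()
    # System.map lines are nm output: "<hex address> <type> <symbol>"
    if len(first_line) != 3:
        raise ValueError("System.map does not look like nm output: %r" % first_line)
    # Heuristic (mine): 16 hex digits means a 64-bit kernel, 8 means 32-bit.
    arch = "x64" if len(first_line[0]) == 16 else "x86"
    base = os.path.splitext(zip_name)[0]
    # The kernel release is usually embedded in the System.map filename
    # (e.g. System.map-3.10.0-1062.el7.x86_64); keep it so it can be cross-checked
    # against the imaged host. The page does not state this host's kernel version.
    kernel = os.path.basename(sysmap[0])[len("System.map-"):] or None
    return {
        "profile": "Linux" + base.replace(".", "_") + arch,
        "arch": arch,
        "kernel_from_sysmap": kernel,
        "dwarf": dwarf[0],
        "sysmap": sysmap[0],
    }


def install_path(volatility_root):
    """Directory the zip must live in for Volatility 2 to load it (path from the page)."""
    return os.path.join(volatility_root, "volatility", "plugins", "overlays", "linux")


def build_sample_profile_zip():
    """Constructed stand-in for Centos7.3.10.1062.zip with two placeholder members.

    The single System.map entry is made up for the example; it is not taken from
    any real kernel build.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("module.dwarf", "<DWARF dump placeholder>\n")
        zf.writestr("System.map-3.10.0-1062.el7.x86_64", "ffffffff81000000 T startup_64\n")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    info = inspect_profile_zip(build_sample_profile_zip(), "Centos7.3.10.1062.zip")
    print(info["profile"])                  # LinuxCentos7_3_10_1062x64
    print(info["kernel_from_sysmap"])       # 3.10.0-1062.el7.x86_64
    print(install_path("volatility"))       # volatility/volatility/plugins/overlays/linux
```

On the real download you would run inspect_profile_zip("Centos7.3.10.1062.zip"), copy the zip into install_path(<checkout>), and then list the Linux profiles with vol.py --info to verify that the predicted name appears before invoking plugins such as linux_pslist with --profile.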
TeamSpy
Info
Category : Digital Forensics
SHA1SUM : 1bc677daf51be254c8bfb9085f7375bbf1ee8e3b
Published : June 4, 2022
Author : Wyatt Roersma
Size : 1.4 GB
Tags : GrrCon, Memory, Windows, TeamViewer
Uncompress the challenge (pass: cyberdefenders.org)
Scenario
An employee reported that his machine started to act strangely after receiving a suspicious email with a document file. The incident response team captured a couple of memory dumps from the suspected machines for further inspection.
Ulysses
Info
Category : Digital Forensics
SHA1SUM : b53238c60a72d6056dacff51ab041c9688553d07
Published : Oct. 19, 2020
Author : The Honeynet Project
Size : 429 MB
Tags : Volatility, Linux, Memory, Disk
Scenario
A Linux server was possibly compromised and a forensic analysis is required in order to understand what really happened. Hard disk dumps and memory snapshots of the machine are provided in order to solve the challenge.
Tools
Volatility, 010 Editor, Autopsy
Questions
vol.
WireDive
Info
Category : Digital Forensics
SHA1SUM : a2aa9ad4831057e17df585bdac84efc05ec0413d
Published : Oct. 7, 2020
Authors : Johannes Weber and Champlain College
Size : 26 MB
Tags : Wireshark, PCAP, SMB, Network
Uncompress the challenge (pass: cyberdefenders.org)
Scenario
WireDive is a combined traffic-analysis exercise containing several traces that show how different protocols look on the wire.
Challenge Files :
dhcp.pcapng
dns.pcapng
https.pcapng
network.pcapng
secret_sauce.txt
shell.pcapng
smb.