BreizhCTF 2022 - La livraison de pizza

La livraison de pizza

Statement

A new employee is working quietly at his desk when someone shows up for a "galette-saucisse delivery". He is new, but he figures that in Brittany, after all, this must be normal.

So he comes to your office to ask whether you had ordered anything, but your answer is no. He comes back in a panic, telling you that his antivirus has logged unusual USB traffic.

Cyberdefenders - Brave

Brave

Info

  • Category : Digital Forensics
  • SHA1SUM : fa02a505471aeb89172f89cb27dd4e2eea14bb9e
  • Published : June 20, 2021
  • Author : DFIRScience
  • Size : 1.2 GB
  • Tags : Volatility Memory Brave Windows

Unzip the challenge (pass: cyberdefenders.org)

Scenario

A memory image was taken from a seized Windows machine. Analyze the image and answer the provided questions.

Tools

  • Volatility 3
  • CertUtil
  • HxD

Questions

1 - What time was the RAM image acquired according to the suspect system? (YYYY-MM-DD HH:MM:SS)

sudo vol -f 20210430-Win10Home-20H2-64bit-memdump.mem windows.info
Volatility 3 Framework 2.0.0
Progress:  100.00               PDB scanning finished                        
Variable        Value

Kernel Base     0xf8043cc00000
DTB     0x1aa000
Symbols file:///usr/local/lib/python3.8/dist-packages/volatility3-2.0.0-py3.8.egg/volatility3/symbols/windows/ntkrnlmp.pdb/769C521E4833ECF72E21F02BF33691A5-1.json.xz
Is64Bit True
IsPAE   False
layer_name      0 WindowsIntel32e
memory_layer    1 FileLayer
KdVersionBlock  0xf8043d80f368
Major/Minor     15.19041
MachineType     34404
KeNumberProcessors      4
SystemTime      2021-04-30 17:52:19
NtSystemRoot    C:\Windows
NtProductType   NtProductWinNt
NtMajorVersion  10
NtMinorVersion  0
PE MajorOperatingSystemVersion  10
PE MinorOperatingSystemVersion  0
PE Machine      34404
PE TimeDateStamp        Tue Oct 11 07:04:26 1977

Answer: 2021-04-30 17:52:19

Cyberdefenders - DetectLog4j

DetectLog4j

Info

  • Category : Digital Forensics
  • SHA1SUM : 6556e7d46e89bf2ea68e05cf101920e2de071a22
  • Published : Jan. 15, 2022
  • Author : CyberDefenders
  • Size : 2.8 GB
  • Tags : Windows Disk ransomware log4shell

Uncompress the challenge (pass: cyberdefenders.org)

Scenario

For the last week, the log4shell vulnerability has been gaining much attention, not for its ability to execute arbitrary commands on the vulnerable system but for the wide range of products that depend on the log4j library, many of which are still unknown. We created a challenge to test your ability to detect, analyze, mitigate and patch products vulnerable to log4shell.

Cyberdefenders - DumpMe

DumpMe

Info

  • Category : Digital Forensics
  • SHA1SUM : 70f1bafca632f7518cb0a0ee126246b040247b37
  • Published : May 30, 2021
  • Author : Champlain College
  • Size : 1.2 GB
  • Tags : Volatility DFIR Windows Memory

Scenario

One of the SOC analysts took a memory dump from a machine infected with Meterpreter malware. As a digital forensicator, your job is to analyze the dump, extract the available indicators of compromise (IOCs) and answer the provided questions.

Tools

  • Volatility 2
  • sha1sum

Questions

1 - What is the SHA1 hash of Triage-Memory.mem (memory dump)?

sha1sum Triage-Memory.mem
c95e8cc8c946f95a109ea8e47a6800de10a27abd  Triage-Memory.mem

Answer: c95e8cc8c946f95a109ea8e47a6800de10a27abd

Cyberdefenders - HawkEye

HawkEye

Info

  • Category : Digital Forensics, Malware Analysis
  • SHA1SUM : bd7239a7c1e33f4d616242fe892888befc9fashed
  • Published : March 3, 2022
  • Authors : Brad Duncan and Manuel Gregal
  • Size : 1.3 MB
  • Tags : PCAP Wireshark Network BRIM

Uncompress the challenge (pass: cyberdefenders.org)

Scenario

An accountant at your organization received an email regarding an invoice with a download link. Suspicious network traffic was observed shortly after opening the email. As a SOC analyst, investigate the network trace and analyze exfiltration attempts.

Cyberdefenders - l337 S4uc3

l337 S4uc3

Info

  • Category : Digital Forensics, Incident Response
  • SHA1SUM : 94ac99ef544086f0be9f5f6b00ae1a0834b0027b
  • Published : Nov. 16, 2021
  • Author : Wyatt Roersma
  • Size : 117 MB
  • Tags : Wireshark PCAP Memory Network

Uncompress the challenge (pass: cyberdefenders.org)

Scenario

Everyone has heard of targeted attacks. Detecting them can be challenging; responding to them can be even more challenging. This scenario will test your network and host-based analysis skills to figure out the who, what, where, when, and how of this incident. There is sure to be something for all skill levels, and the only thing you need to solve the challenge is some l337 S4uc3!