Hafinum-APT blue team ctf
Category : Threat Hunting
Scenario:
You work as a SOC analyst for a consulting firm that specializes in digital forensics and incident response. You are assigned to investigate a security incident at a manufacturing plant that produces electronic components. The plant uses a variety of industrial control systems (ICS) to manage its production lines and other critical operations.
The security team at the plant detected suspicious network activity from an external IP address associated with the Hafnium threat actor group.
Your task is to investigate the incident and determine the extent of the compromise, the attacker's objectives, and the potential impact on the plant's operations. You have been provided with log files from the plant's servers and workstations, including Windows event logs and TeamViewer logs. Analyze the logs and gather information about the attacker's activity.
Files:
- winevt.zip: Contains the raw logs, for those who want to use other tools for analysis.
- c83-HAFINUM.ova: A pre-configured ELK (Elasticsearch, Logstash, Kibana) virtual machine with the logs already loaded, which can be used to solve the challenge.
- VirtualBox: Import and start the VM, then open Kibana from the host machine at http://127.0.0.1:5601. There is no need to log in to the VM itself.
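For those working from winevt.zip rather than Kibana, the following Python triage helper is an added example (not part of the challenge files or of CyberDefenders' own material) of a first pass over the TeamViewer side of the log set: it parses incoming-connection records, flags sessions from remote TeamViewer IDs that are not on an allowlist, sessions that start outside working hours, and non-interactive (file-transfer) sessions, and then collapses the flagged sessions per remote ID into first seen, last seen, local accounts touched and modes used. The tab-separated field layout and the DD-MM-YYYY timestamp format are assumptions about TeamViewer's connections_incoming.txt and should be checked against a real file; the log lines, IDs, hostnames, users and GUIDs are constructed for the example.

```python
"""Triage helper for TeamViewer incoming-connection logs (added example).

Assumed record layout of connections_incoming.txt, one tab-separated line per session:
    <remote TeamViewer ID> <remote display name> <start> <end> <local user> <mode> <connection GUID>
with timestamps written as DD-MM-YYYY HH:MM:SS. Verify the layout against a real
file before relying on the parser; it is an assumption, not a documented contract.
"""
from dataclasses import dataclass
from datetime import datetime, time, timedelta
from typing import Dict, List, Set, Tuple

TS_FORMAT = "%d-%m-%Y %H:%M:%S"      # assumed timestamp format
WORKDAY = (time(7, 0), time(19, 0))  # local working hours used for the out-of-hours check


@dataclass
class Connection:
    tv_id: str
    display_name: str
    start: datetime
    end: datetime
    local_user: str
    mode: str
    conn_id: str

    @property
    def duration(self) -> timedelta:
        return self.end - self.start


def parse_connections(text: str) -> List[Connection]:
    """Parse log text into Connection records; malformed lines are skipped, not fatal."""
    records: List[Connection] = []
    for raw in text.splitlines():
        parts = raw.rstrip("\r\n").split("\t")
        if len(parts) != 7:
            continue  # a hunt should survive a truncated or corrupted record
        tv_id, name, start, end, user, mode, conn_id = parts
        try:
            records.append(Connection(tv_id, name,
                                      datetime.strptime(start, TS_FORMAT),
                                      datetime.strptime(end, TS_FORMAT),
                                      user, mode, conn_id))
        except ValueError:
            continue  # unparseable timestamp: skip rather than abort
    return records


def triage(conns: List[Connection], known_ids: Set[str],
           workday: Tuple[time, time] = WORKDAY) -> List[Tuple[Connection, List[str]]]:
    """Return (connection, reasons) for every session that trips at least one check, in time order."""
    findings: List[Tuple[Connection, List[str]]] = []
    for c in sorted(conns, key=lambda x: x.start):
        reasons: List[str] = []
        if c.tv_id not in known_ids:
            reasons.append("unknown TeamViewer ID")
        if not workday[0] <= c.start.time() <= workday[1]:
            reasons.append("outside working hours")
        if c.mode != "RemoteControl":
            reasons.append(f"non-interactive session mode: {c.mode}")
        if reasons:
            findings.append((c, reasons))
    return findings


def actor_summary(findings: List[Tuple[Connection, List[str]]]) -> Dict[str, dict]:
    """Collapse flagged sessions per remote ID: first/last seen, local accounts touched, modes used."""
    summary: Dict[str, dict] = {}
    for c, _ in findings:
        s = summary.setdefault(c.tv_id, {"first_seen": c.start, "last_seen": c.end,
                                         "sessions": 0, "users": set(), "modes": set()})
        s["first_seen"] = min(s["first_seen"], c.start)
        s["last_seen"] = max(s["last_seen"], c.end)
        s["sessions"] += 1
        s["users"].add(c.local_user)
        s["modes"].add(c.mode)
    return summary


# Constructed sample records (not from the challenge dataset); the last line is deliberately malformed.
SAMPLE_LOG = "\n".join("\t".join(f) for f in [
    ("1123456789", "Helpdesk-PC", "02-03-2023 09:12:41", "02-03-2023 09:40:05",
     "PLANT\\jsmith", "RemoteControl", "{11111111-1111-1111-1111-111111111111}"),
    ("998877665", "DESKTOP-X7Q", "03-03-2023 02:17:09", "03-03-2023 02:58:33",
     "PLANT\\Administrator", "RemoteControl", "{22222222-2222-2222-2222-222222222222}"),
    ("998877665", "DESKTOP-X7Q", "03-03-2023 03:05:12", "03-03-2023 03:06:40",
     "PLANT\\Administrator", "FileTransfer", "{33333333-3333-3333-3333-333333333333}"),
    ("1123456789", "Helpdesk-PC", "03-03-2023 14:00:00", "03-03-2023 14:10:00",
     "PLANT\\jsmith", "RemoteControl", "{44444444-4444-4444-4444-444444444444}"),
    ("not a valid record",),
])
KNOWN_IDS = {"1123456789"}  # hypothetical allowlist of the helpdesk's own TeamViewer IDs


if __name__ == "__main__":
    flagged = triage(parse_connections(SAMPLE_LOG), KNOWN_IDS)
    for c, reasons in flagged:
        print(f"{c.start}  id={c.tv_id}  user={c.local_user}  mode={c.mode}  "
              f"dur={c.duration}  -> {', '.join(reasons)}")
    for tv_id, s in actor_summary(flagged).items():
        print(f"{tv_id}: {s['sessions']} sessions, {s['first_seen']} .. {s['last_seen']}, "
              f"users={sorted(s['users'])}, modes={sorted(s['modes'])}")
```

Run it against the real file by reading connections_incoming.txt into `parse_connections` and replacing `KNOWN_IDS` with the plant's legitimate support IDs; the per-ID summary gives the start of a timeline (first and last session, which local accounts the remote side operated as) that can then be correlated with the Windows Security and TeamViewer application events for the same hosts in Kibana.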
SHA1SUM: 9c41911c6a0fbd11e198a37b0da0fe32156b0ba0
Password: cyberdefenders.org
Size: 4.3 GB
Published: May 4, 2023