Boss Of The SOC v1 blue team ctf
Category : Threat Hunting
Weight : 100 | Solved : 3412
What IP address is likely attempting a brute force password attack against imreallynotbatman.com?
Instructions:
- VirtualBox: unzip the VM (pass: cyberdefenders.org), start the VM, and access Splunk from the host machine via http://127.0.0.1:8000
- VMware: log in to the VM using vagrant/vagrant and grab the IP address of the VM using the "ip address" command. Access Splunk from the host machine using the IP address assigned to the VM via http://x.x.x.x:8000
- Challenge Files:
- bots1.ova (Memory: 4 GB, CPU: 2 Cores, Disk: 5.5 GB)
Scenario 1 (APT):
The focus of this hands-on lab will be an APT scenario and a ransomware scenario. You assume the persona of Alice Bluebird, the SOC analyst who has recently been hired to protect and defend Wayne Enterprises against various forms of cyberattack.
In this scenario, reports of the below graphic come in from your user community when they visit the Wayne Enterprises website, and some of the reports reference "P01s0n1vy." In case you are unaware, P01s0n1vy is an APT group that has targeted Wayne Enterprises. Your goal, as Alice, is to investigate the defacement, with an eye towards reconstructing the attack via the Lockheed Martin Kill Chain.
Scenario 2 (Ransomware):
In the second scenario, one of your users is greeted by this image on a Windows desktop that is claiming that files on the system have been encrypted and payment must be made to get the files back. It appears that a machine has been infected with Cerber ransomware at Wayne Enterprises and your goal is to investigate the ransomware with an eye towards reconstructing the attack.
Here is a quick guide on how to get started with Splunk.
- SHA1SUM: 89719952101ffdf7ee577aaed9a5f6c98934b812
- Password: cyberdefenders.org
- Size: 1.9 GiB
- Published: Aug. 3, 2020, midnight