CyberDefenders: Insider blueteam challenge.

Insider

SHA1SUM	d820264d825fdaeb2146bf7b4c4e03684e700007
Published	May 25, 2021
Author	Champlain College
Size	83 MB
Tags	Linux Incident Response FTK Kali

Instructions	Unzip the challenge (pass: cyberdefenders.org) Load the AD1 image in FTK imager latest Windows version.

Your progress

0% Completed0/11 Questions

Your score

0/1025

Image Forensics

Last solve

1 day ago by asdf344

Scenario:

After Karen started working for 'TAAUSAI,' she began to do some illegal activities inside the company. 'TAAUSAI' hired you to kick off an investigation on this case.

You acquired a disk image and found that Karen uses Linux OS on her machine. Analyze the disk image of Karen's computer and answer the provided questions.

Tools:

FTK Imager

#	Question	Weight	Solved
#1	What distribution of Linux is being used on this machine?	50	331
Hint Report an issue

#2	What is the MD5 hash of the apache access.log?	50	315
Hint Report an issue

#3	It is believed that a credential dumping tool was downloaded? What is the file name of the download?	50	316
Hint Report an issue

#4	There was a super-secret file created. What is the absolute path?	75	295
Hint Report an issue

#5	What program used didyouthinkwedmakeiteasy.jpg during execution?	75	295
Hint Report an issue

#6	What is the third goal from the checklist Karen created?	75	297
Hint Report an issue

#7	How many times was apache run?	100	301
Hint Report an issue

#8	It is believed this machine was used to attack another. What file proves this?	125	293
Hint Report an issue

#9	Within the Documents file path, it is believed that Karen was taunting a fellow computer expert through a bash script. Who was Karen taunting?	125	287
Hint Report an issue

#10	A user su'd to root at 11:26 multiple times. Who was it?	150	285
Hint Report an issue

#11	Based on the bash history, what is the current working directory?	150	291
Hint Report an issue