L'espion Blue Team Challenge

Category : Threat Intel

4.4

Easy

Attention! "L'espion" is no longer active and will not contribute to leaderboard points. However, you can still solve the lab and explore avaliable walkthroughs to gain valuable experience.

File -> Github.txt:
What is the API key the insider added to his GitHub repositories?

Weight : 50 | Solved : 2227 | Average Solve Time: 2 minutes

File -> Github.txt:
What is the plaintext password the insider added to his GitHub repositories?

Weight : 50 | Solved : 2199 | Average Solve Time: 5 minutes

File -> Github.txt:
What cryptocurrency mining tool did the insider use?

Weight : 50 | Solved : 2140 | Average Solve Time: 9 minutes

What university did the insider go to?

Weight : 100 | Solved : 2008 | Average Solve Time: 17 minutes

What gaming website the insider had an account on?

Weight : 100 | Solved : 2014 | Average Solve Time: 1 minute

What is the link to the insider Instagram profile?

Weight : 50 | Solved : 1997 | Average Solve Time: 4 minutes

Where did the insider go on the holiday? (Country only)

Weight : 150 | Solved : 1936 | Average Solve Time: 1 minute

Where is the insider's family live? (City only)

Weight : 100 | Solved : 1928 | Average Solve Time: 4 minutes

File -> office.jpg:
You have been provided with a picture of the building in which the company has an office. Which city is the company located in?

Weight : 100 | Solved : 1976 | Average Solve Time: 2 minutes

Q10

File -> Webcam.png:
With the intel, you have provided, our ground surveillance unit is now overlooking the person of interest's suspected address. They saw them leaving their apartment and followed them to the airport. Their plane took off and has landed in another country. Our intelligence team spotted the target with this IP camera. Which state is this camera in?

Weight : 100 | Solved : 1933 | Average Solve Time: 5 minutes

Instructions:

Uncompress the challenge (pass: cyberdefenders.org)

You, as a soc analyst, have been tasked by a client whose network was compromised and brought offline to investigate the incident and determine the attacker's identity.

Incident responders and digital forensic investigators are currently on the scene and have conducted a preliminary investigation. Their findings show that the attack originated from a single user account, probably, an insider.

Investigate the incident, find the insider, and uncover the attack actions.

Tools

Need Help?

Join our Discord server, connect with fellow defenders, and get help while solving challenges.

First blood

hnl

864 days ago

Last solve

vinsica

today

L'espion Blue Team Challenge

Category : Threat Intel

BloodHound

Github

Mimikatz

OSINT

Tools

Need Help?

First blood

Last solve

Blog

Media Kit

Store

Careers

L'espion Blue Team Challenge

Category : Threat Intel

BloodHound

Github

Mimikatz

OSINT

Tools

Need Help?

First blood

Last solve