CyberCorp Case 1 Blue Team Challenge
Category : Endpoint Forensics
Attention! "CyberCorp Case 1" is no longer active and will not contribute to leaderboard points. However, you can still solve the lab and explore available walkthroughs to gain valuable experience.
-
Weight : 50 | Solved : 642 | Average Solve Time: 1 minute
-
Weight : 50 | Solved : 555 | Average Solve Time: 5 minutes
-
Weight : 100 | Solved : 560 | Average Solve Time: 1 minute
-
Weight : 100 | Solved : 502 | Average Solve Time: 14 minutes
-
Weight : 150 | Solved : 320 | Average Solve Time: 23 minutes
-
Weight : 100 | Solved : 247 | Average Solve Time: 10 minutes
-
Weight : 100 | Solved : 332 | Average Solve Time: 27 minutes
-
Weight : 150 | Solved : 238 | Average Solve Time: 3 minutes
-
Weight : 100 | Solved : 265 | Average Solve Time: 5 minutes
-
Weight : 150 | Solved : 263 | Average Solve Time: 4 minutes
-
Weight : 100 | Solved : 301 | Average Solve Time: 1 minute
-
Weight : 100 | Solved : 251 | Average Solve Time: 1 minute
-
Weight : 100 | Solved : 247 | Average Solve Time: 3 minutes
-
Weight : 100 | Solved : 244 | Average Solve Time: 43 minutes
-
Weight : 50 | Solved : 285 | Average Solve Time: 1 minute
Instructions:
Unzip the challenge (pass: cyberdefenders.org), examine the image, and answer the provided questions.
Scenario
CyberCorp has been informed that its infrastructure is likely to be compromised, as there are a number of anomalies in its outgoing traffic. The anomalies suggest that a known threat group is behind this attack.
CyberCorp's security blue team isolated one of the potentially compromised hosts from the corporate network and collected artifacts necessary for the investigation: memory dump, OS event logs, registry files, Prefetch files, $MFT file, ShimCache, AmCache, network traffic dumps. You will have to analyze the collected artifacts and answer the questions to complete the investigation.
Tools: