Instructions:
- Unzip the VM (password: cyberdefenders.org)
- VirtualBox: start the VM, log in with elastic/elastic, and open Kibana from the host machine at http://127.0.0.1:5601
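Before importing and booting a 4.8 GB VM it is worth checking that the download matches the SHA1SUM the page publishes for the archive, and only then unzipping it with the stated password. The script below is an added example, not part of the CyberDefenders challenge materials. It assumes the download is a zip archive (so the password is applied with unzip -P) and that either sha1sum or shasum is installed; the archive filename and extraction directory are arguments you supply.

```shell
#!/bin/sh
# Added example (not from the CyberDefenders page): verify the challenge
# archive against the published SHA-1 before extracting it.
# Usage: ./prep.sh <archive.zip> [extract-dir]

EXPECTED_SHA1="0eda6605d309486110f012bc8dc73e4652059b04"   # value published on the page
ZIP_PASSWORD="cyberdefenders.org"                           # password published on the page

# Print the lowercase hex SHA-1 of a file, using sha1sum (coreutils) when
# available and falling back to shasum (macOS/perl).
sha1_of() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum "$1" | awk '{print $1}'
    else
        shasum -a 1 "$1" | awk '{print $1}'
    fi
}

# Return 0 when the file's SHA-1 equals the expected digest (compared
# case-insensitively), 1 otherwise.
check_sha1() {
    _file="$1"
    _expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    _actual=$(sha1_of "$_file")
    [ "$_actual" = "$_expected" ]
}

# Verify the archive, then extract it with the challenge password.
# Refuses to extract anything whose digest does not match.
verify_and_extract() {
    _archive="$1"
    _dest="${2:-.}"
    if check_sha1 "$_archive" "$EXPECTED_SHA1"; then
        echo "SHA-1 OK: $_archive"
        unzip -P "$ZIP_PASSWORD" -d "$_dest" "$_archive"
    else
        echo "SHA-1 MISMATCH for $_archive; refusing to extract" >&2
        return 1
    fi
}

# Run the full flow only when an archive path was given on the command line.
if [ "$#" -ge 1 ]; then
    verify_and_extract "$@"
fi
```

The hash check is separated from the extraction so that a mismatch stops the script before anything is written to disk; a corrupted or tampered image should never reach VirtualBox. Passing the password with -P exposes it in the process list, which is acceptable here only because the page publishes it.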
Scenario:
An attacker tricked an employee into downloading a suspicious file and running it, compromising that system. Because the Security Team had not patched most systems, the attacker was then able to pivot to another host and compromise the company. As a SOC analyst, you are assigned to investigate the incident using Elastic as the SIEM and help the team evict the attacker.
Resources:
- https://www.elastic.co/
- Threat Hunting with Elastic Stack by Andrew Pease (Book)
- https://www.youtube.com/playlist?list=PLeLcvrwLe184BoWZhv6Cf2kbi-bKBeDBI
- https://www.youtube.com/c/OfficialElasticCommunity
- https://www.elastic.co/blog/
Challenge file:
- SHA1SUM: 0eda6605d309486110f012bc8dc73e4652059b04
- Password: cyberdefenders.org
- Size: 4.8 GB
- Published: May 6, 2022