Master host-based forensics to analyze disk images, recover deleted data, examine registries, and reconstruct timelines for defensible evidence chains.

Utilize ALEAPP to analyze Android device artifacts, reconstructing a victim's financial details, movements, and communication patterns.

Analyze Linux disk image artifacts, including logs and Bash history, using FTK Imager to investigate insider threat activities and reconstruct user actions.

Reconstruct a multi-system LockBit ransomware attack chain by correlating Windows event logs, registry artifacts, and PowerShell activity to identify TTPs.

Analyze an Android device dump and reverse engineer a malicious APK using ALEAPP and JADX-GUI to identify malware functionality and data exfiltration, and extract compromised credentials.

Analyze multi-stage malware behavior, decode obfuscated scripts, trace execution flow, and identify evasion, persistence, and exfiltration tactics using forensic tools.

Reconstruct the Fog ransomware attack chain by analyzing browser, registry, event log, and MFT artifacts to identify initial access, persistence, BYOVD privilege escalation, and IOCs.

Reconstruct a Linux system's unauthorized access and ransomware incident by analyzing logs, browser, and email artifacts, decrypting payloads, and identifying persistence.

Reconstruct a suspect's digital activities and intent by analyzing browser history, system artifacts, deleted files, and credentials from a disk image using various forensic tools.

Analyze various Linux system logs using grep, awk, and sed to identify attacker TTPs, persistence, and reconstruct the attack timeline.

Reconstruct a wiper malware attack by analyzing registry, event logs, and USN journal artifacts using Registry Explorer, Event Log Explorer, and VirusTotal.

Analyze Windows 10 notification artifacts, installed applications, LNK files, and Application logs to uncover malicious activity and enhance forensic investigation capabilities.

Learn to investigate ransomware attacks by analyzing logs, registry entries, and artifacts to trace attacker actions and the tools used, and to identify indicators of compromise.

Perform forensic analysis on a compromised Windows system to identify malware, trace attacker activity, and understand persistence mechanisms.

Reconstruct a multi-stage attack by analyzing Sysmon, WMI, and Prefetch logs to identify initial infection, advanced persistence, and C2 communications.

Evaluate forensic artifacts from a disk image to confirm unauthorized port scanning and assess user intent for installing illegal applications.

Reconstruct an intrusion timeline by analyzing event logs, registry, file system, and network artifacts to identify attacker TTPs and data exfiltration.

Investigate macOS authentication artifacts, decrypt `kcpassword`, and extract secure notes from `login.keychain-db` using `Chainbreaker` to reconstruct user activity.

Correlate Windows Event Logs and Sysmon artifacts to reconstruct a SQL Server attack, identifying initial access, multiple persistence techniques, and the attacker's cryptomining objective.

Reconstruct a multi-stage attack by analyzing Windows event logs, USN Journal, and registry artifacts to identify TTPs, C2, and persistence mechanisms.