Network Forensics
Investigate security incidents by analyzing packet captures, identifying malicious traffic patterns, and reconstructing cyber attacks from network communications.
XXE Infiltration
Network Forensics
Easy
45min
Analyze PCAP data using Wireshark to identify XXE vulnerabilities, extract compromised credentials, and detect web shell uploads for persistence.
7 Questions
RetailBreach
Network Forensics
Easy
45min
Investigate network traffic with Wireshark to identify attacker TTPs, extract XSS payloads and session tokens, and determine exploited web application vulnerabilities.
7 Questions
PsExec Hunt
Network Forensics
Easy
30min
Analyze SMB traffic in a PCAP file using Wireshark to identify PsExec lateral movement, compromised systems, user credentials, and administrative shares.
7 Questions
Tomcat Takeover
Network Forensics
Easy
30min
Analyze network traffic using Wireshark's custom columns, filters, and statistics to identify suspicious web server administration access and potential compromise.
8 Questions
JetBrains
Network Forensics
Easy
1hr
Analyze network traffic using Wireshark to identify web server exploitation, extract attacker IOCs and persistence mechanisms, and map attack techniques to MITRE ATT&CK.
9 Questions
Openfire
Network Forensics
Easy
45min
Reconstruct an Openfire server attack timeline by analyzing PCAP files with Wireshark to identify login attempts, plugin uploads, command execution, and the exploited CVE-2023-32315 vulnerability.
9 Questions
PacketDetective
Network Forensics
Easy
50min
Analyze network traffic in PCAP files using Wireshark to extract IOCs and reconstruct attacker tactics like authentication and remote execution.
8 Questions
DanaBot
Network Forensics
Easy
30min
Analyze network traffic using Wireshark to identify DanaBot initial access, deobfuscate malicious JavaScript, and extract IOCs like IPs, file hashes, and execution processes.
6 Questions
Web Investigation
Network Forensics
Easy
45min
Examine network traffic with Wireshark to investigate web server compromise, identify SQL injection, extract attacker credentials, and detect uploaded malware.
9 Questions
XLMRat
Network Forensics
Easy
30min
Analyze network traffic to identify malware delivery, deobfuscate scripts, and map attacker techniques using MITRE ATT&CK, focusing on stealthy execution and reflective code loading.
7 Questions
RCEMiner
Network Forensics
Medium
1hr
Correlate network traffic, RCE exploits, and C2 communications using Wireshark to reconstruct a multi-stage web server compromise, cryptomining, and lateral movement.
9 Questions
Malware Traffic Analysis 1
Network Forensics
Medium
Analyze network traffic using Wireshark to identify an infected host, trace an exploit kit infection chain, and extract malicious URLs and file hashes.
10 Questions
Malware Traffic Analysis 2
Network Forensics
Medium
1hr 30min
Reconstruct an exploit kit attack chain from network traffic, identifying the infected host, extracting malware, and determining the exploited CVE using Wireshark and forensic tools.
10 Questions
HawkEye
Network Forensics
Medium
Reconstruct a HawkEye Keylogger data exfiltration incident by analyzing network traffic with Wireshark and CyberChef, identifying IoCs and stolen credentials.
24 Questions
HoneyBOT
Network Forensics
Medium
Reconstruct a network intrusion by analyzing PCAP traffic with Wireshark, identifying a CVE-2003-0533 exploit, extracting malware, and performing shellcode analysis with scdbg to uncover attacker techniques and IOCs.
14 Questions
EscapeRoom
Network Forensics
Medium
Reconstruct a multi-stage attack by analyzing network traffic, cracking credentials, and reverse engineering malware using Wireshark, John the Ripper, and IDA Pro to identify persistence and C2 commands.
17 Questions
BlueSky Ransomware
Network Forensics
Medium
1hr
Reconstruct a BlueSky ransomware attack by analyzing network traffic, decoding PowerShell scripts, and examining persistence mechanisms to identify attacker tactics and IOCs.
16 Questions
SolarDisruption
Network Forensics
Hard
1hr 30min
Investigate PLC network traffic and system logs to identify insider manipulation attempts and determine the cause of the solar panel disruption at AetherCore Technologies.
12 Questions
TomCracked
Network Forensics
Hard
2hrs
Analyze a web server compromise by analyzing network traffic to trace a Java deserialization exploit and the subsequent deployment of a Cobalt Strike beacon.
21 Questions