EcoShop, a leading e-commerce company, has reported an alarming spike in CPU and memory usage on its publicly accessible Confluence servers. This unexpected resource consumption has significantly impacted server responsiveness, causing potential service disruptions for employees. Initial diagnostics suggest that the issue may be linked to unauthorized access attempts or malicious activities targeting the system. As part of the forensic investigation, our objective is to identify the root cause of this anomaly, trace the attacker's actions, and determine the full scope of the compromise.
This lab will guide us through a structured forensic analysis, starting with the examination of system logs to pinpoint unauthorized access attempts. We will then analyze network activity, suspicious file executions, and potential malware deployments to uncover how the system was exploited. Using various forensic techniques and tools such as grep and sort, we will extract valuable insights from the system's logs and identify critical indicators of compromise.
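As an added illustration of the grep, sort and awk triage the paragraph above describes (this is example code written for this write-up, not part of the lab or EcoShop's own tooling), the script below ranks source IPs by request volume, counts denied (HTTP 403) requests from one address, and lists the distinct paths that address touched. The log lines are constructed sample data in a generic combined-log layout; the real Confluence access log format, file location and the IP addresses involved are not taken from the lab.

```shell
#!/bin/sh
# Added example, not from the original lab. Constructed sample access-log
# lines in a generic combined-log layout (field 1 = client IP, field 7 =
# request path, field 9 = HTTP status). Real Confluence logs may differ.
SAMPLE_LOG="$(cat <<'EOF'
203.0.113.10 - - [12/Feb/2024:10:01:02 +0000] "GET /login.action HTTP/1.1" 200 512
203.0.113.10 - - [12/Feb/2024:10:01:05 +0000] "GET /login.action HTTP/1.1" 200 512
198.51.100.7 - - [12/Feb/2024:10:02:11 +0000] "GET /dashboard.action HTTP/1.1" 200 8123
203.0.113.10 - - [12/Feb/2024:10:03:40 +0000] "POST /admin/settings HTTP/1.1" 403 221
203.0.113.10 - - [12/Feb/2024:10:03:41 +0000] "POST /admin/settings HTTP/1.1" 403 221
192.0.2.55 - - [12/Feb/2024:10:04:00 +0000] "GET /pages/viewpage.action?pageId=1 HTTP/1.1" 200 4096
203.0.113.10 - - [12/Feb/2024:10:05:12 +0000] "POST /admin/settings HTTP/1.1" 200 1024
EOF
)"

# Requests per source IP, busiest first. Each output line is "<count> <ip>".
top_talkers() {
    printf '%s\n' "$SAMPLE_LOG" \
        | awk '{print $1}' | sort | uniq -c | sort -rn \
        | awk '{print $1, $2}'
}

# The single most active client address.
busiest_ip() {
    top_talkers | head -n 1 | awk '{print $2}'
}

# Number of requests from one IP that the server denied with HTTP 403.
# A burst of 403s followed by a 200 on the same path is worth a closer look.
denied_requests_from() {
    printf '%s\n' "$SAMPLE_LOG" \
        | awk -v ip="$1" '$1 == ip && $9 == "403" {n++} END {print n+0}'
}

# Distinct request paths seen from one IP, sorted alphabetically.
paths_requested_by() {
    printf '%s\n' "$SAMPLE_LOG" \
        | awk -v ip="$1" '$1 == ip {print $7}' | sort -u
}

# Walk-through on the sample data.
echo "Requests per IP:"
top_talkers
echo "Busiest IP: $(busiest_ip)"
echo "403s from $(busiest_ip): $(denied_requests_from "$(busiest_ip)")"
echo "Paths requested by $(busiest_ip):"
paths_requested_by "$(busiest_ip)"
```

On a real case, replace the embedded sample with a read of the actual access log (for example by piping the file into the same awk and sort stages) and treat the busiest or most-denied address as a lead to confirm against other evidence, not as proof of compromise on its own.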
Additionally, threat intelligence techniques will be employed to investigate external entities interacting with the compromised system. By leveraging platforms like VirusTotal, we will assess whether any suspicious files or IP addresses are associated with known malware campaigns. Throughout this process, we will document each step to build a comprehensive attack timeline, enabling us to recommend effective mitigation strategies.
The ultimate goal of this investigation is to determine the tactics, techniques, and procedures (TTPs) used by the attacker, understand th