Introduction

Welcome to the TeamCity Exploit Lab walkthrough. This lab is designed to simulate a real-world cyberattack, focusing on a sophisticated breach against a network utilizing TeamCity. As a blue team analyst, your goal is to conduct a comprehensive investigation, identify indicators of compromise (IOCs), and uncover the tactics, techniques, and procedures (TTPs) used by the attackers.

The scenario involves a network compromise in which attackers exploited known vulnerabilities in TeamCity to gain initial access, then escalated privileges, executed commands, exfiltrated data, and deployed ransomware.

Your investigation should establish the full extent of the breach and the tactics, techniques, and procedures (TTPs) the attackers used. To support it, you are provided with:

  1. Triage Images: From the compromised hosts (e.g., JB01, SQL, DC01, IT01).

  2. Splunk Logs: A centralized log repository containing event logs from all compromised systems.
