Category: BlueTeam

  • BTLO: Network Analysis – Web Shell

    The SOC received an alert in their SIEM for ‘Local to Local Port Scanning’ where an internal private IP began scanning another internal system.

  • Insider

    You acquired a disk image and found that Karen uses Linux OS on her machine. Analyze the disk image of Karen’s computer and answer the provided questions.

  • L’espion

    You have been tasked by a client whose network was compromised and brought offline to investigate the incident and determine the attacker’s identity.

  • Conti

    An Exchange server was compromised with ransomware. Use Splunk to investigate how the attackers compromised the server.

  • BTLO : The Planet’s Prestige

    Download the file and open it with a text editor. What is the email service used by the malicious actor? What is the Reply-To email address? What is the filetype of the received attachment which helped to continue the investigation? When investigating the file it shows as a pdf attachment. However when downloading the attachment…

  • BTLO : PowerShell Analysis – Keylogger

    A suspicious PowerShell script was found on one of our endpoints. Can you work out what it does? Unzip the folder and open the PowerShell script in a text editor. What is the SHA256 hash value for the PowerShell script file? Get the file hash with the sha256sum tool. What email address is used to…

  • BTLO : Malware Analysis – Ransomware Script

    One of our web servers recently got compromised and was hit with ransomware. Luckily we had a restore point just before the files were encrypted, and managed to recover a suspicious script file that didn’t appear to have been run yet. What is the malicious IP address referenced multiple times in the script? The script…

  • BTLO : Malicious PowerShell Analysis

    Recently the networks of a large company named GothamLegend were compromised after an employee opened a phishing email containing malware. The damage caused was critical and resulted in business-wide disruption. GothamLegend had to reach out to a third-party incident response team to assist with the investigation. You are a member of the IR team –…

  • BTLO : Network Analysis – Ransomware

    ABC Industries worked day and night for a month to prepare a tender document for a prestigious project that would secure the company’s financial future. The company was hit by ransomware, believed to be conducted by a competitor, and the final version of the tender document was encrypted. Right now they are in need of…

  • BTLO : Deep Blue

    A Windows workstation was recently compromised, and evidence suggests it was an attack against internet-facing RDP, then Meterpreter was deployed to conduct ‘Actions on Objectives’. Can you verify these findings?

  • LetsDefend : Memory Analysis

    https://app.letsdefend.io/challenge/memory-analysis A Windows Endpoint was recently compromised. Thanks to our cutting-edge EDR/IDS solution we immediately noticed it. The alert was escalated to Tier 2 (Incident Responders) for further investigation. As our Forensics guy, you were given the memory dump of the compromised host. You should continue to investigate. Obtain the memory file from the zipped…

  • BTLO : Memory Analysis – Ransomware

    The Account Executive called the SOC earlier and sounds very frustrated and angry. He stated he can’t access any files on his computer and keeps receiving a pop-up stating that his files have been encrypted. You disconnected the computer from the network and extracted the memory dump of his machine and started analyzing it with…

  • LetsDefend : Email Analysis

    You recently received an email from someone trying to impersonate a company, your job is to analyze the email to see if it is suspicious.

  • BTLO : Shiba Insider

    Can you uncover the insider?

  • BTLO : Phishing Analysis 2

    Put your phishing analysis skills to the test by triaging and collecting information about a recent phishing campaign.

  • BTLO : Phishing Analysis

    A user has received a phishing email and forwarded it to the SOC. Can you investigate the email and attachment to collect useful artifacts? Challenge Submission Who is the primary recipient of this email? (1 point) What is the subject of this email? (1 point) What is the date and time the email was sent?…

  • BTLO : Meta

    The attached images were posted by a criminal on the run, with the caption “I’m roaming free. You will never catch me” Challenge Submission Use the exiftool tool to find the meta data of the images. What is the camera model? (2 points) When was the picture taken? (2 points) What does the comment on…

  • LetsDefend : Disclose The Agent

    We reached the data of an agent leaking information. You have to disclose the agent.

  • Phishing Email

    Your email address has been leaked and you receive an email from Paypal in German. Try to analyze the suspicious email.

  • Phishing Analysis Fundamentals

    Learn all the components that make up an email.