Cyberdefenders – 3CX Supply Chain Lab writeup

Instructions:

  • Uncompress the lab (pass: cyberdefenders.org)

Scenario:

A large multinational corporation heavily relies on the 3CX software for phone communication, making it a critical component of their business operations. After a recent update to the 3CX Desktop App, antivirus alerts flag sporadic instances of the software being wiped from some workstations while others remain unaffected. Dismissing this as a false positive, the IT team overlooks the alerts, only to notice degraded performance and strange network traffic to unknown servers. Employees report issues with the 3CX app, and the IT security team identifies unusual communication patterns linked to recent software updates.

As the threat intelligence analyst, it’s your responsibility to examine this possible supply chain attack. Your objectives are to uncover how the attackers compromised the 3CX app, identify the potential threat actor involved, and assess the overall extent of the incident. 

Tools:


Cyberdefenders – Ramnit Blue Team Lab writeup

Instructions:

  • Uncompress the lab (pass: cyberdefenders.org)

Scenario:

Our intrusion detection system has alerted us to suspicious behavior on a workstation, pointing to a likely malware intrusion. A memory dump of this system has been taken for analysis. Your task is to analyze this dump, trace the malware’s actions, and report key findings. This analysis is critical in understanding the breach and preventing further compromise.

Tools:

  • Volatility 3

Cyberdefenders – RedLine Blue Team Lab writeup

Scenario:

As a member of the Security Blue team, your assignment is to analyze a memory dump using Redline and Volatility tools. Your goal is to trace the steps taken by the attacker on the compromised machine and determine how they managed to bypass the Network Intrusion Detection System (NIDS). Your investigation will involve identifying the specific malware family employed in the attack, along with its characteristics. Additionally, your task is to identify and mitigate any traces or footprints left by the attacker.

Tools:


Cyberdefenders – XLM Macros writeup

Recently, we have seen a resurgence of Excel-based malicious Office documents. However, instead of using VBA-style macros, they are using older-style Excel 4.0 macros. This changes our approach to analyzing these documents, requiring a slightly different set of tools. In this challenge, you’ll get hands-on with two documents that use Excel 4.0 macros to perform anti-analysis and download the next stage of the attack.

Samples:

  • Sample1: MD5: fb5ed444ddc37d748639f624397cff2a
  • Sample2: MD5: b5d469a07709b5ca6fee934b1e5e8e38

Helpful Tools:

  • REMnux VM
  • XLMDeobfuscator
  • OLEDUMP with PLUGIN_BIFF
  • Office IDE

Cyberdefenders – Elastic-Case

Scenario:

An attacker was able to trick an employee into downloading a suspicious file and running it. The attacker compromised the system; in addition, the Security Team had not updated most systems. The attacker was able to pivot to another system and compromise the company. As a SOC analyst, you are assigned to investigate the incident using Elastic as a SIEM tool and help the team kick out the attacker.

Resources:

  • https://www.elastic.co/
  • Threat Hunting with Elastic Stack by Andrew Pease (Book)
  • https://www.youtube.com/playlist?list=PLeLcvrwLe184BoWZhv6Cf2kbi-bKBeDBI
  • https://www.youtube.com/c/OfficialElasticCommunity
  • https://www.elastic.co/blog/