Cyberdefenders – Elastic-Case


An attacker was able to trick an employee into downloading a suspicious file and running it. The attacker compromised the system, along with that, The Security Team did not update most systems. The attacker was able to pivot to another system and compromise the company. As a SOC analyst, you are assigned to investigate the incident using Elastic as a SIEM tool and help the team to kick out the attacker.


  •  Threat Hunting with Elastic Stack by Andrew Pease (Book)
Leer más

Cyberdefenders – DetectLog4j writeup


For the last week, log4shell vulnerability has been gaining much attention not for its ability to execute arbitrary commands on the vulnerable system but for the wide range of products that depend on the log4j library. Many of them are not known till now. We created a challenge to test your ability to detect, analyze, mitigate and patch products vulnerable to log4shell.


Leer más

Cyberdefenders – MalDoc101 writeup

It is common for threat actors to utilize living off the land (LOTL) techniques, such as the execution of PowerShell to further their attacks and transition from macro code. This challenge is intended to show how you can often times perform quick analysis to extract important IOCs. The focus of this exercise is on static techniques for analysis.

Suggested Tools:

  • REMnux Virtual Machine (
  • Terminal/Command prompt w/ Python installed
  • Oledump
  • Text editor

En primer lugar vamos a instalar el software necesario para realizar el reto

Descargamos OLEDUMP

mkdir /opt/oledump
cd /opt/oledump

Instalamos oletools

pip install -U oletools
Leer más

Cyberdefenders – DeepDive writeup

En esta entrada nuevamente vamos a resolver un reto de Cyberdefenders. Vamos concretamente DeepDive en la cual vamos a tener que realizar mediante Volatility un análisis forense.

Dado que mis conocimientos de Volatility y análisis forense es bajo me a parecido un reto muy difícil la cual me a ayudado a saber mas sobre el funcionamiento de la memoria.


You have given a memory image for a compromised machine. Analyze the image and figure out attack details.



Leer más