Cyberdefenders – Red-Orbita

Cyberdefenders – FakeGPT Lab writeup

24 enero, 202524 enero, 2025 rokitoh Deja un comentario

Instructions:

Uncompress the lab (pass: cyberdefenders.org)

Scenario:

Your cybersecurity team has been alerted to suspicious activity on your organization’s network. Several employees reported unusual behavior in their browsers after installing what they believed to be a helpful browser extension named «ChatGPT». However, strange things started happening: accounts were being compromised, and sensitive information appeared to be leaking.

Your task is to perform a thorough analysis of this extension identify its malicious components.

Cyberdefenders – 3CX Supply Chain Lab writeup

11 octubre, 202411 octubre, 2024 rokitoh Deja un comentario

Instructions:

Uncompress the lab (pass: cyberdefenders.org)

Scenario:

A large multinational corporation heavily relies on the 3CX software for phone communication, making it a critical component of their business operations. After a recent update to the 3CX Desktop App, antivirus alerts flag sporadic instances of the software being wiped from some workstations while others remain unaffected. Dismissing this as a false positive, the IT team overlooks the alerts, only to notice degraded performance and strange network traffic to unknown servers. Employees report issues with the 3CX app, and the IT security team identifies unusual communication patterns linked to recent software updates.

As the threat intelligence analyst, it’s your responsibility to examine this possible supply chain attack. Your objectives are to uncover how the attackers compromised the 3CX app, identify the potential threat actor involved, and assess the overall extent of the incident.

Tools:

Cyberdefenders – Ramnit Blue Team Lab writeup

9 julio, 20249 julio, 2024 rokitoh Deja un comentario

Instructions:

Uncompress the lab (pass: cyberdefenders.org)

Scenario:

Our intrusion detection system has alerted us to suspicious behavior on a workstation, pointing to a likely malware intrusion. A memory dump of this system has been taken for analysis. Your task is to analyze this dump, trace the malware’s actions, and report key findings. This analysis is critical in understanding the breach and preventing further compromise.

Tools:

Volatility 3

Cyberdefenders – RedLine Blue Team Lab writeup

4 julio, 20245 julio, 2024 rokitoh Deja un comentario

Scenario:

As a member of the Security Blue team, your assignment is to analyze a memory dump using Redline and Volatility tools. Your goal is to trace the steps taken by the attacker on the compromised machine and determine how they managed to bypass the Network Intrusion Detection System «NIDS». Your investigation will involve identifying the specific malware family employed in the attack, along with its characteristics. Additionally, your task is to identify and mitigate any traces or footprints left by the attacker.

Tools:

Volatility

Cyberdefenders – OpenWire

28 febrero, 202428 febrero, 2024 rokitoh Deja un comentario

Cyberdefenders – XLM Macros writeup

22 diciembre, 202316 agosto, 2024 rokitoh Deja un comentario

Recently, we have seen a resurgence of Excel-based malicous office documents. Howerver, instead of using VBA-style macros, they are using older style Excel 4 macros. This changes our approach to analyzing these documents, requiring a slightly different set of tools. In this challenge, you’ll get hands-on with two documents that use Excel 4.0 macros to perform anti-analysis and download the next stage of the attack.

Samples:

Sample1: MD5: fb5ed444ddc37d748639f624397cff2a
Sample2: MD5: b5d469a07709b5ca6fee934b1e5e8e38

Helpful Tools:

REMnux VM
XLMDeobfuscator
OLEDUMP with PLUGIN_BIFF
Office IDE

Cyberdefenders – Elastic-Case

29 junio, 202229 junio, 2022 rokitoh Deja un comentario

Scenario:

An attacker was able to trick an employee into downloading a suspicious file and running it. The attacker compromised the system, along with that, The Security Team did not update most systems. The attacker was able to pivot to another system and compromise the company. As a SOC analyst, you are assigned to investigate the incident using Elastic as a SIEM tool and help the team to kick out the attacker.

Resources:

https://www.elastic.co/
Threat Hunting with Elastic Stack by Andrew Pease (Book)
https://www.youtube.com/playlist?list=PLeLcvrwLe184BoWZhv6Cf2kbi-bKBeDBI
https://www.youtube.com/c/OfficialElasticCommunity
https://www.elastic.co/blog/

Cyberdefenders – Insider writeup

30 marzo, 202230 marzo, 2022 rokitoh Deja un comentario

Scenario:

After Karen started working for ‘TAAUSAI,’ she began to do some illegal activities inside the company. ‘TAAUSAI’ hired you to kick off an investigation on this case.

You acquired a disk image and found that Karen uses Linux OS on her machine. Analyze the disk image of Karen’s computer and answer the provided questions.

Tools:

FTK Imager

Cyberdefenders – Exfiltrated writeup

30 marzo, 202230 marzo, 2022 rokitoh Deja un comentario

Scenario

The enterprise EDR alerted for possible exfiltration attempts originating from a developer RedHat Linux machine. A fellow SOC member captured a disk image for the suspected machine and sent it for you to analyze and identify the attacker’s footprints.

Tools

Cyberdefenders – Hacked writeup

28 marzo, 202228 marzo, 2022 rokitoh Deja un comentario

You have been called to analyze a compromised Linux web server. Figure out how the threat actor gained access, what modifications were applied to the system, and what persistent techniques were utilized. (e.g. backdoors, users, sessions, etc).

Tools: