Scenario
The #NSM gear flagged suspicious traffic coming from one of the organization’s web servers. Analyze the server’s captured memory image and figure out what happened.
Categoría: Cyberdefenders
Cyberdefenders – DetectLog4j writeup
Scenario
For the last week, log4shell vulnerability has been gaining much attention not for its ability to execute arbitrary commands on the vulnerable system but for the wide range of products that depend on the log4j library. Many of them are not known till now. We created a challenge to test your ability to detect, analyze, mitigate and patch products vulnerable to log4shell.
Tools:
Leer másCyberdefenders – MalDoc101 writeup
It is common for threat actors to utilize living off the land (LOTL) techniques, such as the execution of PowerShell to further their attacks and transition from macro code. This challenge is intended to show how you can often times perform quick analysis to extract important IOCs. The focus of this exercise is on static techniques for analysis.
Suggested Tools:
- REMnux Virtual Machine (remnux.org)
- Terminal/Command prompt w/ Python installed
- Oledump
- Text editor
En primer lugar vamos a instalar el software necesario para realizar el reto
Descargamos OLEDUMP
mkdir /opt/oledump
cd /opt/oledump
wget http://didierstevens.com/files/software/oledump_V0_0_60.zip
unzip oledump_V0_0_60.zipInstalamos oletools
pip install -U oletoolsCyberdefenders – Hammered writeup
En esta ocasión vamos a resolver el reto de Hammered en cyberdefenders
Detalles del reto:
This challenge takes you into the world of virtual systems and confusing log data. In this challenge, figure out what happened to this webserver honeypot using the logs from a possibly compromised server.
Leer másCyberdefenders – DeepDive writeup
En esta entrada nuevamente vamos a resolver un reto de Cyberdefenders. Vamos concretamente DeepDive en la cual vamos a tener que realizar mediante Volatility un análisis forense.
Dado que mis conocimientos de Volatility y análisis forense es bajo me a parecido un reto muy difícil la cual me a ayudado a saber mas sobre el funcionamiento de la memoria.
Scenario
You have given a memory image for a compromised machine. Analyze the image and figure out attack details.
Tools
Resources
Leer másCyberdefenders – Bucket writeup
Scenario
Welcome, Defender! As an incident responder, we’re granting you access to the AWS account called «Security» as an IAM user. This account contains a copy of the logs during the time period of the incident and has the ability to assume the «Security» role in the target account so you can look around to spot the misconfigurations that allowed for this attack to happen.
Credentials
Your IAM credentials for the Security account:
- Login: https://flaws2-security.signin.aws.amazon.com/console
- Account ID: 322079859186
- Username: security
- Password: password
- Access Key: AKIAIUFNQ2WCOPTEITJQ
- Secret Key: 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
Environment
The credentials above give you access to the Security account, which can assume the role of «security» in the Target account. You also have access to an S3 bucket, named flaws2_logs, in the Security account, that contains the CloudTrail logs recorded during a successful compromise
Leer másCyberdefenders – Intel101 writeup
En este reto practicaremos mediante técnicas Open-Source Intelligence (OSINT) la extracción y el análisis de datos públicos para obtener información significativa para investigar amenazas externas.
Sin mas preámbulos comenzamos el reto
Leer másCyberdefenders – Boss Of The SOC v1 writeup
En esta ocasión nos pasamos al bando azul y vamos a intentar resolver el primer reto que tenemos de Splunk en https://cyberdefenders.org llamado: Boss Of The SOC v1
En primer lugar tenemos que descargar la maquina virtual que nos proporcionan y acceder mediante nuestro navegador web http://x.x.x.x:8000
Leer más