2025-09-18 | #dfir #event #evtx #evtxecmd #htb #jq #log #mftecmd #pecmd #prefetch #sherlock #usnjournal #windows #zimmerman-tools
Tracer - DFIR Scenario A junior SOC analyst on duty has reported multiple alerts indicating the presence of PsExec on a workstation. They verified the alerts and escalated the alerts to tier II.
2024-06-21 | #dfir #dump #event #evtx #evtxecmd #floss #gimp #htb #image #jq #malware #memory #sherlock #volatility #windows #zimmerman-tools
Mellitus - DFIR Scenario You’ve been a SOC analyst for the last 4 years but you’ve been honing your incident response skills! It’s about time you bite the bullet and go for your dream job as an Incident Responder as that’s the path you’d like your career to follow.
2024-06-16 | #custom-web-app #cve-2022-24439 #git #gitpython #htb #internal-service #leak #linux #machine #metasploit #port-scan #secret #ssrf #xspa
Editorial - HTB Recon Let’s start off by Nmap’ing the target. Nmap # Nmap 7.94SVN scan initiated Tue Jun 18 07:58:25 2024 as: nmap -vvv -p 22,80 -sCV -oN nmap 10.
2024-06-15 | #cryptography #file-recovery #floss #ghidra #htb #jq #malware #ransomware #reverse-engineering #sherlock #static-analysis #virustotal
Lockpick 1 - Malware Analysis Scenario Forela needs your help! A whole portion of our UNIX servers have been hit with what we think is ransomware. We are refusing to pay the attackers and need you to find a way to recover the files provided.
2024-06-15 | #cryptography #cve-2023-46214 #dfir #exploit #file-recovery #file-system #htb #linux #log #pcap #reverse-engineering #sherlock #splunk #wireshark
Fragility (DFIR) Scenario In the monitoring team at our company, each member has access to Splunk web UI using an admin Splunk account. Among them, John has full control over the machine that hosts the entire Splunk system.
