2024-06-15 | #access #dfir #htb #linux #log #phishing #phpbb #sherlock #sqlite3
Bumblebee (DFIR) Scenario An external contractor has accessed the internal forum here at Forela via the Guest Wi-Fi, and they appear to have stolen credentials for the administrative user! We have attached some logs from the forum and a full database dump in sqlite3 format to help you in your investigation.
2024-06-13 | #dfir #event #evtx #evtxecmd #firewall-event #htb #log #powershell-event #python-evtx #security-event #sherlock #system-event #windows #windows-defender-event #zimmerman-tools
LoLogjammer - DFIR Scenario You have been presented with the opportunity to work as a junior DFIR consultant for a big consultancy. However, they have provided a technical assessment for you to complete.
2024-06-12 | #alerts #exploit #forensic #htb #jq #json #linux #pcap #sherlock #siem #soc #wireshark
Meerkat - SOC Scenario As a fast-growing startup, Forela has been utilising a business management platform. Unfortunately, our documentation is scarce, and our administrators aren’t the most security aware. As our new security provider we’d like you to have a look at some PCAP and log data we have exported to confirm if we have (or have not) been compromised.
2024-06-11 | #dfir #dump #forensic #htb #malware #memory #sherlock #volatility #windows
RogueOne - DFIR Scenario Your SIEM system generated multiple alerts in less than a minute, indicating potential C2 communication from Simon Stark’s workstation. Despite Simon not noticing anything unusual, the IT team had him share screenshots of his task manager to check for any unusual processes.
2024-05-27 | #CVE-2023-3460 #dfir #htb #linux #LinuxCatScale #member #plugin #sherlock #ultimate #ultimatum #worpress
Ultimatum (DFIR) Scenario One of the Forela WordPress servers was a target of notorious Threat Actors (TA). The website was running a blog dedicated to the Forela Social Club, where Forela employees can chat and discuss random topics.
