-
Velociraptor: WALKTHROUGH
Velociraptor In this room, we will explore Rapid7’s newly acquired tool known as Velociraptor. Per the official Velociraptor documentation, “Velociraptor is a unique, advanced open-source endpoint monitoring, digital forensic and cyber response platform. It was developed by Digital Forensic and Incident Response (DFIR) professionals who needed a powerful…
-
Disgruntled: WALKTHROUGH
Hey, kid! Good, you’re here! Not sure if you’ve seen the news, but an employee from the IT department of one of our clients (CyberT) got arrested by the police. The guy was running a successful phishing operation as a side gig. CyberT wants us to check if…
-
Unattended: WALKTHROUGH
Welcome to the team, kid. I have something for you to get your feet wet. Our client has a newly hired employee who saw a suspicious-looking janitor exiting his office as he was about to return from lunch. I want you to investigate if there…
-
Intro to Malware Analysis
Every once in a while, when you are working as a SOC analyst, you will come across content (a file or traffic) that seems suspicious, and you will have to decide whether that content is malicious or not. It is normal to feel confused with all the…
-
TheHive Project
Welcome to TheHive Project Outline! This room will cover the foundations of using the TheHive Project, a Security Incident Response Platform. Specifically, we will be looking at: Before we begin, ensure you download the attached file, as it will be needed for Task 5. TheHive…
-
Kape: WALKTHROUGH
Revisiting Windows Forensics In the Windows Forensics 1 and Windows Forensics 2 rooms, we learned about the different artifacts which store information about a user’s activity on a system. We also learned where those artifacts are located and how they can be accessed and interpreted. However, we did all…
-
Windows Forensics 2:WALKTHROUGH
Introduction We learned about Windows Forensics in the previous room and practiced extracting forensic artifacts from the Windows Registry. We learned about gathering system information, user information, files and folders accessed, programs run, and external devices connected to the system, all from the Windows registry. However, the…
-
Windows Forensics 1: WALKTHROUGH
Introduction to Computer Forensics for Windows: Computer forensics is an essential field of cyber security that involves gathering evidence of activities performed on computers. It is a part of the wider Digital Forensics field, which deals with forensic analysis of all types of digital devices,…
-
DFIR An Introduction: WALKTHROUGH
Learning Objectives Security breaches and incidents happen despite the security teams trying their best to avoid them worldwide. The prudent approach in such a scenario is to prepare for the time when an incident will happen so that we are not caught off-guard. Thus, Digital…
-
Benign: WALKTHROUGH
We will investigate host-centric logs in this challenge room to find suspicious process execution. To learn more about Splunk and how to investigate the logs, look at the rooms splunk101 and splunk201. Room Machine Before moving forward, deploy the machine. When you deploy the machine, it will be…
Blog
