And here we go! The first day revolves around Frameworks and gives us a simple overview of the few available frameworks that deal with cybersecurity events, with links to the more in-depth rooms co...
Lately I’ve been in a rather deep slump when it comes to studying the things that I should, and instead I’ve been finding it more interesting to just read up on solar panels and whatnot and tinker ...
When I started my homelab journey a couple-or-so years ago, at almost the height of lack of availability and high prices, I got myself a little dual core Celeron NUC kit, which I then fitted out w...
Scenario Mike is a young entrepreneur that recently started a pharmaceutical company online that supplies personal health products. As the business is growing at a rapid pace, Mike pressured the d...
This is a write-up for the LetsDefend Challenge - REvil Ransomware, where we’re tasked with investigating a memory dump of a compromised machine to find evidence of the ransomware attack the system...
In this exercise we’re notified of suspicious Rundll32 activity and told to check it out. Define Threat Indicator First of all we need to check if the alert actually checks out, and doing a quick...
Mr Robot likely needs no introductions, and in this room we’re going to tackle a CTF built around the theme of this hit TV series. This is rated suitable for beginners, and it doesn’t require too m...
In this exercise we’re notified of multiple suspicious FTP connection attempts, so let’s dive into the logs and try to figure out what’s what. Detection Data Collection First things first we nee...
Scenario The SOC received an alert in their SIEM for ‘Local to Local Port Scanning’ where an internal private IP began scanning another internal system. Can you investigate and determine if this a...
This time we have a quick alert (oops, did I already give away the final answer?) to check out, so without any further ado, let’s get defending. Understand Why the Alert Was Triggered The SIEM a...