BTLO – Investigation: BEN


Ben was working very hard at FaanG industries to get a maximum percentage of the hike. He was talking about this with his HR as well. While he was preparing for a Salary Negotiation meeting, Ben received a phishing email and an attachment explaining to him a New Salary Negotiation process at the company. This resulted in the theft of the super-secret Database credentials of Ben. Necessary remediation steps were taken to reduce the damage. CISO advised the security team to study Ben’s case, analyze the Evidence and prepare an Awareness workshop with technical details of the attack. Evidence and the necessary analysis tools were placed on the Desktop. Note: If prompted for Admin Privileges choose BTLOPlayer account.

Restricted Content
This investigation is currently active on Blue Team Labs Online, thus is required to be password protected. You will need to wait until the investigation is retired for the full solution. In special circumstances, you may email me for the password.


This box was actually fairly challenging for me, particularly Q5 and Q8 as they did not rely solely on Noriben and required some out of the box thinking in order to find them. But I definitely felt I learned a lot and added some new tools under my blue team toolbelt!


No comments available.

Leave a Reply

Your email address will not be published. Required fields are marked *