Link: https://blueteamlabs.online/home/investigation/99
After a number of Windows servers saw a large CPU spike, can you identify what’s happened based on a suspicious PowerShell script found on each system?
You have been provided with the script, a PCAP from one of the affected servers, and a memory dump.
The Volatility profile needed is win10x64_17134.
Scenario Description