BTLO – Investigation: Backstage

Link: https://blueteamlabs.online/home/investigation/98

We were notified of some unusual activity in our network from one of our newly set up servers. Not taking any chances, we immediately took the system down and decided to investigate. You are provided with access to the system and the network packet capture file. Find out what is going on!

Scenario
Restricted Content
This investigation is currently active on Blue Team Labs Online, thus is required to be password protected. You will need to wait until the investigation is retired for the full solution. In special circumstances, you may email me for the password.

Conclusion

This challenge definitely took a little bit. I was able to get most of the questions besides 2/3, I was overlooking the simple answers and looking too deep into it. I still found it a lot of fun to gather all the information and generate a timeline of the attack.

Comments

No comments available.

Leave a Reply

Your email address will not be published. Required fields are marked *