BTLO – Investigation: Backstage


We were notified of some unusual activity in our network from one of our newly set up servers. Not taking any chances, we immediately took the system down and decided to investigate. You are provided with access to the system and the network packet capture file. Find out what is going on!

Restricted Content
This investigation is currently active on Blue Team Labs Online and is therefore required to be password protected. You will need to wait until the investigation is retired for the full solution. In special circumstances, you may email me for the password.


This challenge definitely took a little bit. I was able to get most of the questions besides 2/3; I was overlooking the simple answers and looking too deep into it. I still found it a lot of fun to gather all the information and generate a timeline of the attack.


