BTLO – Challenge: Bruteforce


Can you analyze logs from an attempted RDP bruteforce attack?

One of our system administrators identified a large number of Audit Failure events in the Windows Security Event log.

There are a number of different ways to approach the analysis of these logs! Consider the suggested tools, but there are many others out there!

Scenario Description
Restricted Content
This investigation is currently active on Blue Team Labs Online and is therefore required to be password protected. You will need to wait until the investigation is retired for the full solution. In special circumstances, you may email me for the password.


This was actually a super easy challenge, but I had a lot of fun honing my skills with cat, grep, sort, wc and awk on Unix to carve out precisely the data we needed.

