Link: https://blueteamlabs.online/home/challenge/40
Can you analyze logs from an attempted RDP bruteforce attack?
One of our system administrators identified a large number of Audit Failure events in the Windows Security Event log.
There are a number of different ways to approach the analysis of these logs! Consider the suggested tools, but there are many others out there!
Scenario Description
Conclusion
This was actually a super easy challenge, but I had a lot of fun honing my skills with cat, grep, sort, wc and awk on Unix to carve out precisely the data we needed.