BTLO – Investigation: Link


“I am a crime journalist for a reputed news agency. I was taking some notes last night in my com- puter; however, I saw a news in my drafts folder was updated at the same time and that was not me. I suspect I have been hacked. Please help me.” That’s what she said. I have disabled internet and administrator access on the PC for now. Good luck with the investigation.

Scenario Description
Restricted Content
This investigation is currently active on Blue Team Labs Online, thus is required to be password protected. You will need to wait until the investigation is retired for the full solution. In special circumstances, you may email me for the password.


Very straightforward lab! I was confused at first that the notepad on the desktop and when naturally opening documents was the actual notepad. It took me a bit to figure out the one in the taskbar was a clone that launched a malicious process in the background.


No comments available.

Leave a Reply

Your email address will not be published. Required fields are marked *