| Level 1: MINAF-PC7 | Points | Solved by | First solvers |
| --- | --- | --- | --- |
| 1.1 At which time did María José Feliz create the document "World_Happiness_Plan.docx" on her computer? | 50 | 74% | 1st: SiCk-Boy; 2nd: adriandlhc; 3rd: bomoca |
| 1.2 Which file generated the most recent AV alert? | 50 | 74% | 1st: h4cK_3nD-B3Er5; 2nd: SiCk-Boy; 3rd: adriandlhc |
| 1.3 If you look carefully in the user folder, you'll see some suspicious compressed files. Which final extension is the most used? | 50 | 89% | 1st: h4cK_3nD-B3Er5; 2nd: SiCk-Boy; 3rd: adriandlhc |
| 1.4 Which payload do these files have? | 75 | 68% | 1st: h4cK_3nD-B3Er5; 2nd: SiCk-Boy; 3rd: adriandlhc |
| 1.5 In that folder there is DEFINITELY another file that Windows Defender strongly dislikes. Which one? | 50 | 84% | 1st: h4cK_3nD-B3Er5; 2nd: adriandlhc; 3rd: bomoca |
| 1.6 Where was all this malware downloaded from? | 75 | 79% | 1st: h4cK_3nD-B3Er5; 2nd: SiCk-Boy; 3rd: adriandlhc |
| 1.7 Which user advises María José Feliz to "install" everything? | 125 | 68% | 1st: h4cK_3nD-B3Er5; 2nd: SiCk-Boy; 3rd: adriandlhc |
| 1.8 How many times has the compressed payload been successfully executed? | 100 | 21% | 1st: SiCk-Boy; 2nd: adriandlhc; 3rd: Crow |
| 1.9 María José Feliz shared this document with another user. Which one? | 75 | 63% | 1st: h4cK_3nD-B3Er5; 2nd: SiCk-Boy; 3rd: adriandlhc |

| Level 2: Alert! Emergency! | Points | Solved by | First solvers |
| --- | --- | --- | --- |
| 2.1 María José Feliz shared this file with a user ... who reshared it with a third user. Who? | 75 | 53% | 1st: h4cK_3nD-B3Er5; 2nd: SiCk-Boy; 3rd: adriandlhc |
| 2.2 When did the attackers get the World_Happiness_Plan.docx? | 100 | 42% | 1st: h4cK_3nD-B3Er5; 2nd: SiCk-Boy; 3rd: adriandlhc |
| 2.3 ... and from which IP address? | 50 | 42% | 1st: h4cK_3nD-B3Er5; 2nd: SiCk-Boy; 3rd: adriandlhc |
| 2.4 The attackers have given themselves permissions over two SharePoint sites. Who are their owners? | 75 | 26% | 1st: SiCk-Boy; 2nd: Meta; 3rd: H0nt3 |
| 2.5 Attackers also created an email rule that filtered out some keywords. Which ones? | 75 | 21% | 1st: SiCk-Boy; 2nd: Meta; 3rd: Traxos |
| 2.6 To expand their activities, the attackers have obtained full access to some mailboxes. Which ones? | 75 | 21% | 1st: SiCk-Boy; 2nd: Meta; 3rd: Traxos |
| 2.7 Attackers have left a privileged backdoor to MINAF's O365. Which form does it take? | 125 | 21% | 1st: SiCk-Boy; 2nd: Meta; 3rd: Traxos |
| 2.8 When did the attackers first successfully use the stolen account? | 75 | 21% | 1st: SiCk-Boy; 2nd: Traxos; 3rd: Meta |
| 2.9 Which is the "innocent" password of the compromised account? | 100 | 32% | 1st: h4cK_3nD-B3Er5; 2nd: SiCk-Boy; 3rd: Traxos |

| Level 3: We're not happy | Points | Solved by | First solvers |
| --- | --- | --- | --- |
| 3.1 Attackers have tricked someone into consenting to the installation of something. What is its name? | 125 | 26% | 1st: SiCk-Boy; 2nd: Meta; 3rd: Coffee Enjoyer |
| 3.2 Who fooled this user into installing the "thingy"? | 75 | 26% | 1st: h4cK_3nD-B3Er5; 2nd: SiCk-Boy; 3rd: Meta |
| 3.3 This kind of attack is EXACTLY called ... | 100 | 16% | 1st: SiCk-Boy; 2nd: Meta; 3rd: Traxos |
| 3.4 The compromised user has been connecting from other countries ... Which one is the most frequent? | 50 | 21% | 1st: SiCk-Boy; 2nd: Meta; 3rd: Traxos |
| 3.5 The attackers are nice tricksters because they also fooled this user. Which URL did they make him/her click? | 100 | 16% | 1st: SiCk-Boy; 2nd: Meta; 3rd: Traxos |
| 3.6 Before this successful attack, they tried another one, more sneaky but unsuccessful. Could you tell the "code" they used? | 100 | 16% | 1st: Traxos; 2nd: Meta; 3rd: Manny Rivera |
| 3.7 From which REAL domain was this last attack launched? | 75 | 21% | 1st: SiCk-Boy; 2nd: Meta; 3rd: Traxos |
| 3.8 At what time did the attackers first set foot on MINAF's O365 infrastructure? | 100 | 16% | 1st: SiCk-Boy; 2nd: Meta; 3rd: Traxos |