Level 1: MINAF-PC7

| Challenge | Points | Solved by | First solvers |
| --- | --- | --- | --- |
| 1.1 At which time did María José Feliz create the document "World_Happiness_Plan.docx" on her computer? | 50 | 75% | 1st: SiCk-Boy, 2nd: adriandlhc, 3rd: bomoca |
| 1.2 Which file generated the most recent AV alert? | 50 | 100% | 1st: h4cK_3nD-B3Er5, 2nd: SiCk-Boy, 3rd: adriandlhc |
| 1.3 If you look carefully in the folder where the previous file was, you'll see some suspicious compressed files. What extension is the most used? | 50 | 100% | 1st: h4cK_3nD-B3Er5, 2nd: SiCk-Boy, 3rd: adriandlhc |
| 1.4 Which payload do these files have? | 75 | 75% | 1st: h4cK_3nD-B3Er5, 2nd: SiCk-Boy, 3rd: adriandlhc |
| 1.5 In that folder there is DEFINITELY another file that Windows Defender strongly dislikes. Which one? | 50 | 75% | 1st: h4cK_3nD-B3Er5, 2nd: adriandlhc, 3rd: bomoca |
| 1.6 Where was all this malware downloaded from? | 75 | 75% | 1st: h4cK_3nD-B3Er5, 2nd: SiCk-Boy, 3rd: adriandlhc |
| 1.7 Which user advises María José Feliz to "install" everything? | 125 | 75% | 1st: h4cK_3nD-B3Er5, 2nd: SiCk-Boy, 3rd: adriandlhc |
| 1.8 How many times has the compressed payload been successfully executed? | 100 | 50% | 1st: SiCk-Boy, 2nd: adriandlhc |
| 1.9 María José Feliz shared this document with another user. Which one? | 75 | 75% | 1st: h4cK_3nD-B3Er5, 2nd: SiCk-Boy, 3rd: adriandlhc |

Level 2: Alert! Emergency!

| Challenge | Points | Solved by | First solvers |
| --- | --- | --- | --- |
| 2.1 María José Feliz shared this file with a user ... who reshared it with a third user. Who? | 75 | 75% | 1st: h4cK_3nD-B3Er5, 2nd: SiCk-Boy, 3rd: adriandlhc |
| 2.2 When did the attackers get the World_Happiness_Plan.docx? | 100 | 75% | 1st: h4cK_3nD-B3Er5, 2nd: SiCk-Boy, 3rd: adriandlhc |
| 2.3 ... and from which IP address? | 50 | 75% | 1st: h4cK_3nD-B3Er5, 2nd: SiCk-Boy, 3rd: adriandlhc |
| 2.4 The attackers have given themselves permissions over two SharePoint sites. Who are their owners? | 75 | 25% | 1st: SiCk-Boy |
| 2.5 Attackers also created an email rule that filtered out some keywords. Which ones? | 75 | 25% | 1st: SiCk-Boy |
| 2.6 To expand their activities, the attackers have obtained full access to some mailboxes. Which ones? | 75 | 25% | 1st: SiCk-Boy |
| 2.7 Attackers have left a privileged backdoor to MINAF's O365. Which form does it take? | 125 | 25% | 1st: SiCk-Boy |
| 2.8 When did the attackers first successfully use the stolen account? | 75 | 25% | 1st: SiCk-Boy |
| 2.9 Which is the "innocent" password of the compromised account? | 100 | 50% | 1st: h4cK_3nD-B3Er5, 2nd: SiCk-Boy |

Level 3: We're not happy

| Challenge | Points | Solved by | First solvers |
| --- | --- | --- | --- |
| 3.1 Attackers have tricked someone into consenting to the installation of something. What is its name? | 125 | 25% | 1st: SiCk-Boy |
| 3.2 Who fooled this user into installing the "thingy"? | 75 | 50% | 1st: h4cK_3nD-B3Er5, 2nd: SiCk-Boy |
| 3.3 This kind of attack is EXACTLY called ... | 100 | 25% | 1st: SiCk-Boy |
| 3.4 The compromised user has been connecting from other countries ... Which one is the most frequent? | 50 | 25% | 1st: SiCk-Boy |
| 3.5 The attackers are nice tricksters because they also fooled this user. Which URL did they make him/her click? | 100 | 25% | 1st: SiCk-Boy |
| 3.6 Before this successful attack, they tried another one, more sneaky but unsuccessful. Could you tell the "code" they used? | 100 | 0% | Unsolved |
| 3.7 From which REAL domain was this last attack launched? | 75 | 25% | 1st: SiCk-Boy |
| 3.8 At what time did the attackers first set foot on MINAF's O365 infrastructure? | 100 | 25% | 1st: SiCk-Boy |