Scoreboard : DFIR CTF - The dangers of daydreaming in the clouds - O365 training scenario

#	Team	Points
1	Traxos	2,125
2	Meta	2,025
3	A por ello	1,625
4	H0nt3	850
5	Crow	650
6	Gremlins	650
7	Riddler	550
8	BootCamp Rooted 2023	500
9	Bururu	475
10	Mack	425
11	AP	400
12	BRVT3F0RC3	175
13	Carlos	175
14	N/A	175
15	Coffee Enjoyer	175
16	Juan Carlos López Díaz	100
17	Akna	0
18	Tream-O365	0
19	Frederico	0
20	Replicador	0
21	BOR	0
22	DGF_JC	0
23	MF	0
24	Rafban	0
25	AFRDP	0

#	Team	Points
1	PhineasFisher	2,125
2	crisix	2,125
3	JuanXXIII	2,125
4	cpou	2,125
5	atila	2,125
6	mary4	2,125
7	Xeyuin	2,025
8	JonDoe	1,875
9	Ps	1,850
10	mer	1,825
11	BXVI	1,825
12	Ellendar	1,775
13	aillusion	1,725
14	fernandogf	1,625
15	martafg	1,550
16	bikthor	650
17	cikixa7241	575
18	Rivery	450
19	RootedR	150
20	xunta2024	0
21	RootedCom24	0
22	usuario1	0

#	Team	Points
1	APF46	2,125
2	BOTS	2,125
3	spr	1,975
4	user	1,975
5	Team Kakamora	1,975
6	Pandrades	1,925
7	L	1,875
8	notFound	1,850
9	V3ga	1,800
10	Peritus	1,750
11	Gerardo	1,725
12	mips	1,600
13	Gustavo A. Iglesias	1,575
14	Road Runner	1,525
15	CMG	1,475
16	crispuga	1,125
17	Zapper	875
18	Team Red	650
19	Worldsleaks	550
20	Angel	550
21	daniMM	525
22	IES TEIS	475
23	ProfeAFIteis	475
24	Jeiro	475
25	Claudio Bernardez Duran	425
26	Dani	350
27	cuernomax2	275
28	cora	150
29	Antoniiio	50
30	probandoverano	0
31	Teis	0

Level 1: MINAF-PC7	Points	Solved by	First solvers
1.1 At which time did María José Feliz create the document "World_Happiness_Plan.docx" on her computer?	50	78%	SiCk-Boy adriandlhc bomoca
1.2 Which file generated the most recent AV alert?	50	90%	h4cK_3nD-B3Er5 SiCk-Boy adriandlhc
1.3 If you look carefully in the user folder, you'll see some suspicious compressed files. What final (real) extension is the most used?	50	91%	h4cK_3nD-B3Er5 SiCk-Boy adriandlhc
1.5 In that folder there is DEFINITELY another file that Windows Defender strongly dislikes. Which one?	50	80%	h4cK_3nD-B3Er5 adriandlhc bomoca
1.4 Which payload do these files have?	75	73%	h4cK_3nD-B3Er5 SiCk-Boy adriandlhc
1.6 Where did all these malware was downloaded from?	75	77%	h4cK_3nD-B3Er5 SiCk-Boy adriandlhc
1.9 María José Feliz shared this document with other user. Which one?	75	65%	h4cK_3nD-B3Er5 SiCk-Boy adriandlhc
1.8 How many times have been the compressed payload successfully executed?	100	49%	SiCk-Boy adriandlhc Crow
1.7 Which user advises Maria Jose Files to "install" everything?	125	78%	h4cK_3nD-B3Er5 SiCk-Boy adriandlhc

Level 2: Alert! Emergency!	Points	Solved by	First solvers
2.3 ... and from which IP address?	50	47%	h4cK_3nD-B3Er5 SiCk-Boy adriandlhc
2.1 María José Feliz shared this file with an user ... who reshared it with a third user. Who?	75	57%	h4cK_3nD-B3Er5 SiCk-Boy adriandlhc
2.4 The attackes have given themselves permissions over two Sharepoint sites. Who are their owners?	75	49%	SiCk-Boy Meta H0nt3
2.5 Attackers also created an email rule that filtered out some keywords. Which ones?	75	46%	SiCk-Boy Meta Traxos
2.6 To expand their activities, the attackers have obtained full access to some mailboxes. Which ones?	75	47%	SiCk-Boy Meta Traxos
2.8 When the attackers did first successfully use the stolen account ?	75	53%	SiCk-Boy Traxos Meta
2.2. When did the attackers got the World_Happiness_Plan.docx?	100	49%	h4cK_3nD-B3Er5 SiCk-Boy adriandlhc
2.9 Which in the "innocent" password of the compromised account ?	100	49%	h4cK_3nD-B3Er5 SiCk-Boy Traxos
2.7 Attackers have left a privileged backdoor to MINAF's O365. Which form does it take?	125	47%	SiCk-Boy Meta Traxos

Level 3: We're not happy	Points	Solved by	First solvers
3.4 The compromised user have connecting from another countries ... Which one is the most frequent?	50	48%	SiCk-Boy Meta Traxos
3.2 Who fooled this user to install the "thingy" ?	75	52%	h4cK_3nD-B3Er5 SiCk-Boy Meta
3.7 From which REAL domain was this last attack launched?	75	42%	SiCk-Boy Meta Traxos
3.3 This kind of attack is EXACTLY called ...	100	46%	SiCk-Boy Meta Traxos
3.5 The attackers are nice tricksters because they also fooled this user. Which URL did they make him/her click?	100	30%	SiCk-Boy Meta Traxos
3.6 Before this successful attack, they tried another one, more sneaky but unsucessful. Could you tell the "code" they used?	100	29%	Traxos Meta Manny Rivera
3.8 In what time the attackers first set foot on MINAF's O365 infrastructure?	100	38%	SiCk-Boy Meta Traxos
3.1 Attackers have tricked someone to consent the installation of something. What is its name?	125	52%	SiCk-Boy Meta Coffee Enjoyer

BootCamp Rooted 2023 Scoreboard