Level 1: Domain controller, 225 / 850 (26%)
Level 2: W10-PC3, 400 / 1,050 (38%)
Level 3: W10-PC5, 375 / 1,150 (33%)
Total: 1,000 / 3,050 (32.8%)
| Challenge | Solved | Points |
|---|---|---|
| 10. Which REAL domain/filename/underwear was used to spoof MINAF? Use the file attached (Level 3: W10-PC5) | #96, 3 years after release (2026-03-03 17:50:01) | 75 |
| 07. What is the first recon command made by the attackers ? (Level 3: W10-PC5) | #100, 5 years, 3 months after release (2026-03-03 17:26:34) | 75 |
| 08. This machine is plagued with evil. Name the file who drops the first malicious payload (Level 3: W10-PC5) | #108, 5 years, 3 months after release (2026-03-03 17:26:15) | 75 |
| 02. Which script/command/thingy is used by the attackers to disable the antivirus? (Level 3: W10-PC5) | #122, 5 years, 3 months after release (2026-03-03 16:03:06) | 100 |
| 01. What "disguise" has used the executable used to run code on W10-PC3? (Level 3: W10-PC5) | #132, 5 years, 3 months after release (2026-03-03 15:40:20) | 50 |
| 06_extra. How many times did the attackers login on the DC from a user of this computer ? (Level 2: W10-PC3) | #49, 5 years, 3 months after release (2026-03-03 15:01:39) | 125 |
| 07. How many different users did login on this computer on November 9 ? (Level 2: W10-PC3) | #136, 5 years, 3 months after release (2026-03-03 15:01:09) | 75 |
| 06. Which privileged account has been used by the attackers ? (Level 2: W10-PC3) | #137, 3 years after release (2026-03-03 14:47:43) | 50 |
| 04. This machine is listening in a really odd port for an endpoint. Which one? (Level 2: W10-PC3) | #148, 5 years, 3 months after release (2026-03-03 12:23:29) | 50 |
| 03. What is the external IP used by the attackers? (Level 2: W10-PC3) | #146, 5 years, 3 months after release (2026-03-03 12:22:11) | 50 |
| 01. Which execution pinpoints the first lateral movement on this machine? (Level 2: W10-PC3) | #136, 5 years, 3 months after release (2026-03-03 11:48:15) | 50 |
| 03. At what time can you see a logon type 10 user login on the domain controller? (Level 1: Domain controller) | #184, 5 years, 3 months after release (2026-03-03 09:22:28) | 50 |
| 02. At which time can the second malicious GPO be considered as loaded and ready to be applied? (Level 1: Domain controller) | #184, 5 years, 3 months after release (2026-03-03 09:09:41) | 100 |
| 01- What is the name of the first anomalous GPO? (Level 1: Domain controller) | #185, 3 years after release (2026-03-03 08:49:34) | 75 |