Level 1: Domain controller, 325 / 850 (38%)
38.235294117647% complete
Level 2: W10-PC3, 100 / 1,050 (10%)
9.5238095238095% complete
Level 3: W10-PC5, 0 / 1,150 (0%)
Total: 425 / 3,050 (13.9%)
| Challenge |
Solved |
Points |
|
03. What is the external IP used by the attackers?
(Level 2: W10-PC3)
|
#68,
4 years, 1 month after release (2024-12-20 09:58:50)
|
50 |
|
01. Which execution pinpoints the first lateral movement on this machine?
(Level 2: W10-PC3)
|
#63,
4 years, 1 month after release (2024-12-20 08:54:11)
|
50 |
|
09. What is the IP used by the attackers to connect to the domain controller ?
(Level 1: Domain controller)
|
#82,
4 years, 1 month after release (2024-12-20 08:23:00)
|
25 |
|
08. The GPO establish a fixed time for ransomware execution. Which time are the scheduled tasks of doom timed to start?
(Level 1: Domain controller)
|
#81,
4 years, 1 month after release (2024-12-20 08:14:59)
|
75 |
|
07. Which ransomware family are the attackers planning to deploy?
(Level 1: Domain controller)
|
#81,
4 years, 1 month after release (2024-12-20 07:55:08)
|
50 |
|
06. Which specific threat is launched by the AV detection?
(Level 1: Domain controller)
|
#67,
1 year, 10 months after release (2024-12-20 07:42:36)
|
75 |
|
05. The antivirus detected a malicious file around this time. Which name does it have?
(Level 1: Domain controller)
|
#94,
4 years, 1 month after release (2024-12-20 07:27:49)
|
50 |
|
04. A foul-mouthed named script was executed a little after this user login. What is its name?
(Level 1: Domain controller)
|
#90,
4 years, 1 month after release (2024-12-20 07:14:42)
|
50 |
