|
06. There is more than one malicious payloads running wild on this machine. When did the second one was deployed?
(Level 3: W10-PC5)
|
#61,
4 years, 11 months after release (2025-11-04 16:41:18)
|
75 |
|
04. Attackers have used two Active Directory recon tools. When was the latest one first launched ?
(Level 3: W10-PC5)
|
#81,
4 years, 11 months after release (2025-11-04 16:14:10)
|
75 |
|
07. How many different users did login on this computer on November 9 ?
(Level 2: W10-PC3)
|
#105,
4 years, 11 months after release (2025-11-04 13:05:33)
|
75 |
|
04. This machine is listening in a really odd port for an endpoint. Which one?
(Level 2: W10-PC3)
|
#123,
4 years, 11 months after release (2025-11-04 12:51:13)
|
50 |
|
06. Which privileged account has been used by the attackers ?
(Level 2: W10-PC3)
|
#110,
2 years, 8 months after release (2025-11-04 12:51:02)
|
50 |
|
05. The attackers are quite sassy ... but sloppy too. Can you locate the password for one of this accounts?
(Level 2: W10-PC3)
|
#107,
4 years, 11 months after release (2025-11-04 12:35:42)
|
100 |
|
03. What is the external IP used by the attackers?
(Level 2: W10-PC3)
|
#121,
4 years, 11 months after release (2025-11-04 12:34:36)
|
50 |
|
07. Which ransomware family are the attackers planning to deploy?
(Level 1: Domain controller)
|
#138,
4 years, 11 months after release (2025-11-04 10:09:37)
|
50 |
|
03. At what time can you see a logon type 10 user login on the domain controller?
(Level 1: Domain controller)
|
#155,
4 years, 11 months after release (2025-11-04 09:07:15)
|
50 |
|
02. At which time can the second malicious GPO be considered as loaded and ready to be applied?
(Level 1: Domain controller)
|
#159,
4 years, 11 months after release (2025-11-04 09:04:00)
|
100 |
|
01- What is the name of the first anomalous GPO?
(Level 1: Domain controller)
|
#155,
2 years, 8 months after release (2025-11-04 08:46:51)
|
75 |
