1.CHITONSRV has a shared folder. What's its name?
|
50
|
100%
|
eneasthetrojan bolasdecocido DreamTeam
|
2.How many subfolders are in this shared folder
|
50
|
73%
|
eneasthetrojan DreamTeam carpese
|
3.The EHP database is encrypted using PGP. What's the database name?
|
75
|
73%
|
eneasthetrojan carpese FaaS
|
4.EHP Project has a candidate list (the shortlist that was leaked). When was this list last accessed?
|
75
|
67%
|
eneasthetrojan DreamTeam carpese
|
5.How many accounts have successfully logged in on the last month?
|
100
|
33%
|
eneasthetrojan antonio L0sD3S13mpr3
|
6. Which users have connected (using any kind of protocol) to the system in last month?
|
100
|
53%
|
eneasthetrojan carpese adriandlhc
|
8. Which user tried to mount \\*\C$
|
125
|
60%
|
eneasthetrojan carpese FaaS
|
7. Which user was online when the file lista_candidatos.xlsx was modified the last time?
|
125
|
40%
|
eneasthetrojan carpese adriandlhc
|
9. According to MFT, which time was last accessed the file README.txt.txt? And what time was REALLY opened this file with notepad.exe
|
150
|
53%
|
eneasthetrojan carpese FaaS
|
10. Which registry key is the responsible for the non-matching timestamps in the previous challenge?
|
150
|
53%
|
eneasthetrojan carpese FaaS
|
11.Which executable do you think was used to exfiltrate data
|
175
|
47%
|
eneasthetrojan carpese antonio
|
12. How many items (at most) where copied in order to be exfiltrated?
|
175
|
20%
|
eneasthetrojan carpese CHdezFdez
|