| Level 1: File Server | Points | Solved by | First solvers |
|---|---|---|---|
| 1. CHITONSRV has a shared folder. What's its name? | 50 | 100% | 1st: eneasthetrojan, 2nd: bolasdecocido, 3rd: DreamTeam |
| 2. How many subfolders are in this shared folder? | 50 | 73% | 1st: eneasthetrojan, 2nd: DreamTeam, 3rd: carpese |
| 3. The EHP database is encrypted using PGP. What's the database name? | 75 | 73% | 1st: eneasthetrojan, 2nd: carpese, 3rd: FaaS |
| 4. EHP Project has a candidate list (the shortlist that was leaked). When was this list last accessed? | 75 | 67% | 1st: eneasthetrojan, 2nd: DreamTeam, 3rd: carpese |
| 5. How many accounts have successfully logged in in the last month? | 100 | 33% | 1st: eneasthetrojan, 2nd: antonio, 3rd: L0sD3S13mpr3 |
| 6. Which users have connected (using any kind of protocol) to the system in the last month? | 100 | 53% | 1st: eneasthetrojan, 2nd: carpese, 3rd: adriandlhc |
| 8. Which user tried to mount `\\*\C$`? | 125 | 60% | 1st: eneasthetrojan, 2nd: carpese, 3rd: FaaS |
| 7. Which user was online when the file lista_candidatos.xlsx was last modified? | 125 | 40% | 1st: eneasthetrojan, 2nd: carpese, 3rd: adriandlhc |
| 9. According to the MFT, when was the file README.txt.txt last accessed? And when was this file REALLY opened with notepad.exe? | 150 | 53% | 1st: eneasthetrojan, 2nd: carpese, 3rd: FaaS |
| 10. Which registry key is responsible for the non-matching timestamps in the previous challenge? | 150 | 53% | 1st: eneasthetrojan, 2nd: carpese, 3rd: FaaS |
| 11. Which executable do you think was used to exfiltrate data? | 175 | 47% | 1st: eneasthetrojan, 2nd: carpese, 3rd: antonio |
| 12. How many items (at most) were copied in order to be exfiltrated? | 175 | 20% | 1st: eneasthetrojan, 2nd: carpese, 3rd: CHdezFdez |

| Level 2: Admin PC | Points | Solved by | First solvers |
|---|---|---|---|
| 1. Where in the system is the folder "Secreto" (Secret) hidden? | 200 | 47% | 1st: eneasthetrojan, 2nd: carpese, 3rd: FaaS |
| 2. Which song is going to be used for the EHP project? | 200 | 33% | 1st: eneasthetrojan, 2nd: carpese, 3rd: crisisvision |
| 3. Which program transmitted the most data on 05/Nov/2019? | 225 | 40% | 1st: eneasthetrojan, 2nd: carpese, 3rd: antonio |
| 4. To which remote computer was the data exfiltrated? | 225 | 33% | 1st: eneasthetrojan, 2nd: carpese, 3rd: crisisvision |
| 6. When was the service used by the exfiltration software installed? | 250 | 40% | 1st: eneasthetrojan, 2nd: carpese, 3rd: antonio |
| 5. When was the last file successfully exfiltrated? | 250 | 33% | 1st: eneasthetrojan, 2nd: carpese, 3rd: crisisvision |
| 7. Could you find the name of a program that can help exonerate Salvador? | 275 | 40% | 1st: eneasthetrojan, 2nd: carpese, 3rd: antonio |
| 8. There has been a recon action on this computer. When did this recon start? | 275 | 40% | 1st: eneasthetrojan, 2nd: carpese, 3rd: antonio |
| 9. How many computers have accessed salvador.bendito through RDP? | 300 | 27% | 1st: eneasthetrojan, 2nd: antonio, 3rd: helsinki |
| 10. Which IP has connected to this computer using RDP? | 300 | 40% | 1st: eneasthetrojan, 2nd: carpese, 3rd: antonio |

| Level 3: Web Server | Points | Solved by | First solvers |
|---|---|---|---|
| 1. When was the server rebooted on 03/Nov/2019? Name the system start time. | 325 | 20% | 1st: eneasthetrojan, 2nd: crisisvision, 3rd: CHdezFdez |
| 2. Which user first connected successfully to the server? | 325 | 33% | 1st: eneasthetrojan, 2nd: antonio, 3rd: crisisvision |
| 3. What exploit would you bet has been used to access the server? | 350 | 33% | 1st: FaaS, 2nd: antonio, 3rd: crisisvision |
| 4. The attackers have dropped an executable in a system folder. What's its name? | 350 | 33% | 1st: eneasthetrojan, 2nd: antonio, 3rd: crisisvision |
| 6. How many times did the attackers connect to this server? | 375 | 27% | 1st: eneasthetrojan, 2nd: antonio, 3rd: helsinki |
| 5. What is the real name of this executable? | 375 | 33% | 1st: eneasthetrojan, 2nd: antonio, 3rd: crisisvision |
| 7. How many times did the attackers connect to the ADMINPC1 computer? | 400 | 27% | 1st: eneasthetrojan, 2nd: antonio, 3rd: helsinki |
| 8. This computer is a webserver (hence, a juicy target). The attackers have left an extra backdoor. Locate it. | 400 | 33% | 1st: eneasthetrojan, 2nd: antonio, 3rd: crisisvision |
| 9. Would you be able to identify the exact name of the malware from the previous question? | 425 | 27% | 1st: eneasthetrojan, 2nd: crisisvision, 3rd: helsinki |
| 10. The EHP database is encrypted using an AES 4096-bit key. Taking into account all the evidence you've got through the case ... Do you believe the EHP Spanish candidates' data is safe? | 425 | 27% | 1st: FaaS, 2nd: antonio, 3rd: crisisvision |