|
1.CHITONSRV has a shared folder. What's its name?
|
50
|
100%
|
 eneasthetrojan
 bolasdecocido
 DreamTeam
|
|
2.How many subfolders are in this shared folder
|
50
|
77%
|
eneasthetrojan
DreamTeam
carpese
|
|
3.The EHP database is encrypted using PGP. What's the database name?
|
75
|
77%
|
eneasthetrojan
carpese
FaaS
|
|
4.EHP Project has a candidate list (the shortlist that was leaked). When was this list last accessed?
|
75
|
69%
|
eneasthetrojan
DreamTeam
carpese
|
|
5.How many accounts have successfully logged in on the last month?
|
100
|
31%
|
eneasthetrojan
antonio
L0sD3S13mpr3
|
|
6. Which users have connected (using any kind of protocol) to the system in last month?
|
100
|
54%
|
eneasthetrojan
carpese
adriandlhc
|
|
8. Which user tried to mount \\*\C$
|
125
|
62%
|
eneasthetrojan
carpese
FaaS
|
|
7. Which user was online when the file lista_candidatos.xlsx was modified the last time?
|
125
|
38%
|
eneasthetrojan
carpese
adriandlhc
|
|
9. According to MFT, which time was last accessed the file README.txt.txt? And what time was REALLY opened this file with notepad.exe
|
150
|
54%
|
eneasthetrojan
carpese
FaaS
|
|
10. Which registry key is the responsible for the non-matching timestamps in the previous challenge?
|
150
|
54%
|
eneasthetrojan
carpese
FaaS
|
|
11.Which executable do you think was used to exfiltrate data
|
175
|
46%
|
eneasthetrojan
carpese
antonio
|
|
12. How many items (at most) where copied in order to be exfiltrated?
|
175
|
15%
|
eneasthetrojan
carpese
|
