Alberto y Marcos TEAM ar

Level 1: File Server, 1,175 / 1,350 (87%)
87.037037037037% complete
Level 2: Admin PC, 2,500 / 2,500 (100%)
100% complete
Level 3: Web Server, 3,025 / 3,750 (81%)
80.666666666667% complete
Total: 6,700 / 7,600 (88.2%)

Solved challenges

Challenge Solved Points
10. The EHP database is encrypted using an AES 4096 bits key. Taking account of all the evidences you've got through the case ... Do you believe the EHP spanish candidates data is safe? (Level 3: Web Server) #5, 6 years after release (2025-12-03 15:48:04) 425
9. Would you be able to identify the exact name of the malware on the previous question? (Level 3: Web Server) #5, 6 years after release (2025-12-03 15:35:36) 425
8. This computer is a webserver (hence, a juicy target). The attackers have left an extra backdoor. Locate it. (Level 3: Web Server) #6, 6 years after release (2025-12-03 15:12:47) 400
7. How many times the attackers connected to ADMINPC1 computer? (Level 3: Web Server) #5, 6 years after release (2025-12-03 15:06:21) 400
6. How many times the attackers connected to this server? (Level 3: Web Server) #6, 6 years after release (2025-12-03 13:00:31) 375
4. The attackers have dropped an executable on a system folder. What's its name? (Level 3: Web Server) #6, 6 years after release (2025-12-03 12:06:25) 350
2.Which user first connected successfully to the server? (Level 3: Web Server) #6, 6 years after release (2025-12-03 11:55:54) 325
1. When was the server rebooted on 03/Nov/2019? Name the system start time. (Level 3: Web Server) #4, 6 years after release (2025-12-03 11:43:29) 325
9. How many computers has accessed salvador.bendito through RDP? (Level 2: Admin PC) #5, 6 years after release (2025-12-03 10:24:39) 300
10. Which IP has connected to this computer using RDP? (Level 2: Admin PC) #7, 6 years after release (2025-12-03 10:14:35) 300
8. There has been a recon action on this computer. When did this recon started? (Level 2: Admin PC) #7, 6 years after release (2025-12-03 10:13:26) 275
7. Could you find the name of a program that can help exonerate Salvador? (Level 2: Admin PC) #7, 6 years after release (2025-12-03 10:06:54) 275
6. When was the service used by the exfiltration software installed? (Level 2: Admin PC) #7, 6 years after release (2025-12-03 09:34:57) 250
5.When was the last file successfully exfiltrated? (Level 2: Admin PC) #6, 6 years after release (2025-12-03 09:04:22) 250
4. To which remote computer was the data exfiltrated to? (Level 2: Admin PC) #6, 6 years after release (2025-12-02 17:40:28) 225
3. Which program has transmitted most data on 05/Nov/2019 ? (Level 2: Admin PC) #7, 6 years after release (2025-12-02 17:29:22) 225
2.Which song is going to be used for the EHP project? (Level 2: Admin PC) #6, 6 years after release (2025-12-02 17:10:36) 200
1.Where in the system is hidden the folder "Secreto" (Secret) (Level 2: Admin PC) #8, 6 years after release (2025-12-02 17:07:23) 200
11.Which executable do you think was used to exfiltrate data (Level 1: File Server) #9, 6 years after release (2025-12-02 16:15:51) 175
10. Which registry key is the responsible for the non-matching timestamps in the previous challenge? (Level 1: File Server) #9, 6 years after release (2025-12-02 15:15:08) 150
9. According to MFT, which time was last accessed the file README.txt.txt? And what time was REALLY opened this file with notepad.exe (Level 1: File Server) #10, 6 years after release (2025-12-02 15:09:22) 150
8. Which user tried to mount \\*\C$ (Level 1: File Server) #14, 6 years after release (2025-12-02 14:58:21) 125
7. Which user was online when the file lista_candidatos.xlsx was modified the last time? (Level 1: File Server) #12, 6 years after release (2025-12-02 14:57:48) 125
6. Which users have connected (using any kind of protocol) to the system in last month? (Level 1: File Server) #12, 6 years after release (2025-12-02 12:59:10) 100
5.How many accounts have successfully logged in on the last month? (Level 1: File Server) #10, 6 years after release (2025-12-02 12:50:26) 100
4.EHP Project has a candidate list (the shortlist that was leaked). When was this list last accessed? (Level 1: File Server) #14, 6 years after release (2025-12-02 12:44:59) 75
3.The EHP database is encrypted using PGP. What's the database name? (Level 1: File Server) #19, 6 years after release (2025-12-02 12:36:52) 75
2.How many subfolders are in this shared folder (Level 1: File Server) #18, 6 years after release (2025-12-02 12:36:10) 50
1.CHITONSRV has a shared folder. What's its name? (Level 1: File Server) #24, 6 years after release (2025-12-02 12:29:28) 50