User details : DFIR CTF - Remote winds, local storms - Mellivora, the CTF engine

Level 1: File Server, 0 / 1,350 (0%)

Level 2: Admin PC, 2,100 / 2,500 (84%)

Level 3: Web Server, 2,550 / 3,750 (68%)

Total: 4,650 / 7,600 (61.2%)

Challenge	Solved	Points
9. Would you be able to identify the exact name of the malware on the previous question? (Level 3: Web Server)	#8, 6 years after release (2025-12-03 16:22:44)	425
8. This computer is a webserver (hence, a juicy target). The attackers have left an extra backdoor. Locate it. (Level 3: Web Server)	#9, 6 years after release (2025-12-03 16:16:18)	400
6. How many times the attackers connected to this server? (Level 3: Web Server)	#8, 6 years after release (2025-12-03 15:42:55)	375
4. The attackers have dropped an executable on a system folder. What's its name? (Level 3: Web Server)	#9, 6 years after release (2025-12-03 15:20:42)	350
3. What exploit would you bet that has been used to access the server? (Level 3: Web Server)	#7, 6 years after release (2025-12-03 15:09:32)	350
2.Which user first connected successfully to the server? (Level 3: Web Server)	#9, 6 years after release (2025-12-03 15:06:43)	325
1. When was the server rebooted on 03/Nov/2019? Name the system start time. (Level 3: Web Server)	#7, 6 years after release (2025-12-03 12:47:32)	325
10. Which IP has connected to this computer using RDP? (Level 2: Admin PC)	#10, 6 years after release (2025-12-03 12:00:55)	300
9. How many computers has accessed salvador.bendito through RDP? (Level 2: Admin PC)	#7, 6 years after release (2025-12-03 11:58:48)	300
8. There has been a recon action on this computer. When did this recon started? (Level 2: Admin PC)	#10, 6 years after release (2025-12-03 11:48:45)	275
7. Could you find the name of a program that can help exonerate Salvador? (Level 2: Admin PC)	#10, 6 years after release (2025-12-03 11:26:42)	275
6. When was the service used by the exfiltration software installed? (Level 2: Admin PC)	#10, 6 years after release (2025-12-03 10:28:22)	250
5.When was the last file successfully exfiltrated? (Level 2: Admin PC)	#9, 6 years after release (2025-12-03 10:16:59)	250
4. To which remote computer was the data exfiltrated to? (Level 2: Admin PC)	#9, 6 years after release (2025-12-03 09:57:38)	225
3. Which program has transmitted most data on 05/Nov/2019 ? (Level 2: Admin PC)	#10, 6 years after release (2025-12-03 09:49:58)	225