|
7. How many times the attackers connected to ADMINPC1 computer?
(Level 3: Web Server)
|
11 days, 21 hours after release (2019-11-22 16:31:44)
|
400 |
|
6. How many times the attackers connected to this server?
(Level 3: Web Server)
|
11 days, 21 hours after release (2019-11-22 16:23:25)
|
375 |
|
9. Would you be able to identify the exact name of the malware on the previous question?
(Level 3: Web Server)
|
11 days, 21 hours after release (2019-11-22 16:21:14)
|
425 |
|
8. This computer is a webserver (hence, a juicy target). The attackers have left an extra backdoor. Locate it.
(Level 3: Web Server)
|
11 days, 21 hours after release (2019-11-22 16:20:36)
|
400 |
|
5. What is the real name of this executable?
(Level 3: Web Server)
|
11 days, 21 hours after release (2019-11-22 16:19:40)
|
375 |
|
4. The attackers have dropped an executable on a system folder. What's its name?
(Level 3: Web Server)
|
11 days, 17 hours after release (2019-11-22 12:25:58)
|
350 |
|
2.Which user first connected successfully to the server?
(Level 3: Web Server)
|
11 days, 16 hours after release (2019-11-22 11:14:53)
|
325 |
|
1. When was the server rebooted on 03/Nov/2019? Name the system start time.
(Level 3: Web Server)
|
11 days, 16 hours after release (2019-11-22 11:11:20)
|
325 |
|
10. Which IP has connected to this computer using RDP?
(Level 2: Admin PC)
|
11 days, 16 hours after release (2019-11-22 10:31:55)
|
300 |
|
9. How many computers has accessed salvador.bendito through RDP?
(Level 2: Admin PC)
|
11 days, 16 hours after release (2019-11-22 10:27:08)
|
300 |
|
8. There has been a recon action on this computer. When did this recon started?
(Level 2: Admin PC)
|
11 days, 15 hours after release (2019-11-22 10:15:09)
|
275 |
|
6. When was the service used by the exfiltration software installed?
(Level 2: Admin PC)
|
11 days, 15 hours after release (2019-11-22 09:13:30)
|
250 |
|
7. Could you find the name of a program that can help exonerate Salvador?
(Level 2: Admin PC)
|
9 days, 16 hours after release (2019-11-20 10:31:33)
|
275 |
|
5.When was the last file successfully exfiltrated?
(Level 2: Admin PC)
|
9 days, 16 hours after release (2019-11-20 10:29:33)
|
250 |
|
4. To which remote computer was the data exfiltrated to?
(Level 2: Admin PC)
|
9 days, 16 hours after release (2019-11-20 10:19:22)
|
225 |
|
3. Which program has transmitted most data on 05/Nov/2019 ?
(Level 2: Admin PC)
|
9 days, 15 hours after release (2019-11-20 09:31:50)
|
225 |
|
2.Which song is going to be used for the EHP project?
(Level 2: Admin PC)
|
9 days, 14 hours after release (2019-11-20 08:47:19)
|
200 |
|
1.Where in the system is hidden the folder "Secreto" (Secret)
(Level 2: Admin PC)
|
9 days, 14 hours after release (2019-11-20 08:40:21)
|
200 |
|
12. How many items (at most) where copied in order to be exfiltrated?
(Level 1: File Server)
|
9 days, 14 hours after release (2019-11-20 08:03:03)
|
175 |
|
11.Which executable do you think was used to exfiltrate data
(Level 1: File Server)
|
9 days, 14 hours after release (2019-11-20 08:02:45)
|
175 |
|
5.How many accounts have successfully logged in on the last month?
(Level 1: File Server)
|
3 days, 4 hours after release (2019-11-13 16:14:31)
|
100 |
|
9. According to MFT, which time was last accessed the file README.txt.txt? And what time was REALLY opened this file with notepad.exe
(Level 1: File Server)
|
2 days, 22 hours after release (2019-11-13 15:57:40)
|
150 |
|
10. Which registry key is the responsible for the non-matching timestamps in the previous challenge?
(Level 1: File Server)
|
2 days, 20 hours after release (2019-11-13 14:25:52)
|
150 |
|
8. Which user tried to mount \\*\C$
(Level 1: File Server)
|
3 days after release (2019-11-13 13:42:35)
|
125 |
|
6. Which users have connected (using any kind of protocol) to the system in last month?
(Level 1: File Server)
|
3 days, 1 hour after release (2019-11-13 13:40:10)
|
100 |
|
7. Which user was online when the file lista_candidatos.xlsx was modified the last time?
(Level 1: File Server)
|
3 days after release (2019-11-13 13:38:28)
|
125 |
|
4.EHP Project has a candidate list (the shortlist that was leaked). When was this list last accessed?
(Level 1: File Server)
|
3 days after release (2019-11-13 12:37:04)
|
75 |
|
3.The EHP database is encrypted using PGP. What's the database name?
(Level 1: File Server)
|
3 days after release (2019-11-13 12:35:11)
|
75 |
|
2.How many subfolders are in this shared folder
(Level 1: File Server)
|
3 days after release (2019-11-13 12:33:00)
|
50 |
|
1.CHITONSRV has a shared folder. What's its name?
(Level 1: File Server)
|
3 days after release (2019-11-13 12:27:38)
|
50 |
