Sherlock Info Creator : Cyberjunkie (Wait!!! Thats meeeeee) Release date : 13 November 2023 Retire Date : 30 November 2023 Difficulty : Medium Scenario A critical Forela Dev server got targeted by a ransomware. The Dev server was accidently left open to internet which it was not supposed to be. The senior dev…

We are provided with event logs and registry hives as artifacts

In this writeup we will be analyzing a email to determine whether it was a phishing attempt or not. We will only use a mail client(You can use any you like) and avail Threat intel platforms like virustotal and cisco talos intelligence Scenario Your email address has been leaked and you…

Today i will be solving printnightmare challenge in which we are provided with network capture and an memory image to analyse. We will use Brim and Redline to uncover exploitation of CVE-2021–34527 in internal network. This challenge is available for free on letsdefend platform. We have a document giving instructions…

Hello Blue teamers and Red Teamers. In this post , we will be analyzing some apache access logs to uncover asset discovery, login brute force and web rce . Then we will uncover how attacker maintained his/her presence in the environment and which IP’s are associated with the threat actor. Analysis …

Hello Blue Teamers . I created Another Challenge on Letsdefend platform. This challenge is about Windows Forensics and how to parse and analyze various important artifacts to determine full cyber kill chain , from delivery to Lateral movement Scenario Investigation We have a disk image of extension ad1. We would first need…

We have an Incident related to Log4j activities escalated by L1 Analyst. Vulnerability Log4j2 versions 2.0-beta9 through 2.15.0 (excluding 2.12.x after 2.12.1) are vulnerable to remote code execution using its LDAP (Lightweight Directory Access Protocol) JNDI parser. An attacker who can control log messages or log message parameters can execute arbitrary…

This is just a short writeup showcasing event logs analysis Attack Simulation : We will create a compromise scenario. A Metasploit reverse shell executable will be run on the victim endpoint and a reverse shell will be gained on the attacker machine . We will then escalate our privileges to nt authority we start…

Hi guys, i made this windows memory forensics challenge which was published on letsdefend. I am writing this writeup in the intended way to solve the challenge using volatility 3. We will learn to analyse windows processes and find hidden malware among the processes. …