
This post is a write-up of the CyberDefenders PoisonedCredentials challenge. 1. Challenge description: Your organization's security team has detected a surge in suspicious network activity. There are concerns that LLMNR (Link-Local Multicast Name Resolution) and NBT-NS (NetBIOS Name Service) poisoning attacks may be occurring within your network. These attacks are known for exploiting these protocols to intercept net..

This post is a write-up of the CyberDefenders Insider challenge. 1. Challenge description: After Karen started working for 'TAAUSAI,' she began to do some illegal activities inside the company. 'TAAUSAI' hired you as a soc analyst to kick off an investigation on this case. You acquired a disk image and found that Karen uses Linux OS on her machine. Analyze the disk image of Karen's computer and answer the provided que..

This post is a write-up of the CyberDefenders Tomcat Takeover challenge. 1. Challenge description: Our SOC team has detected suspicious activity on one of the web servers within the company's intranet. In order to gain a deeper understanding of the situation, the team has captured network traffic for analysis. This pcap file potentially contains a series of malicious activities that have resulted in the compromise of..

This post is a write-up of the CyberDefenders Web Investigation challenge. 1. Challenge description: You are a cybersecurity analyst working in the Security Operations Center (SOC) of BookWorld, an expansive online bookstore renowned for its vast selection of literature. BookWorld prides itself on providing a seamless and secure shopping experience for book enthusiasts around the globe. Recently, you've been tasked w..

This post is protected.

This post is a write-up of the Black Tuesday challenge from MemLabs on GitHub. 1. Challenge description: We received this memory dump from our client recently. Someone accessed his system when he was not there and he found some rather strange files being accessed. Find those files and they might be useful. I quote his exact statement, The names were not readable. They were composed of alphabets and numbers but I wasn't able ..