N0cT1s41

해당 문제는 CyberDefenders의 OpenWire문제에 대한 풀이입니다.1. Challenge descriptionDuring your shift as a tier-2 SOC analyst, you receive an escalation from a tier-1 analyst regarding a public-facing server. This server has been flagged for making outbound connections to multiple suspicious IPs. In response, you initiate the standard incident response protocol, which includes isolating the server from the netw..

해당 문제는 CyberDefenders의 BlueSky Ransomware문제에 대한 풀이입니다.1. Challenge descriptionAs a cybersecurity analyst on SecureTech's Incident Response Team, you're tackling an urgent case involving a high-profile corporation that suspects a sophisticated cyber attack on its network. The corporation, which manages critical data across various industries, has experienced a ransomware attack, leading to the en..

해당 문제는 CyberDefenders의 PsExec Hunt문제에 대한 풀이입니다.1. Challenge descriptionOur Intrusion Detection System (IDS) has raised an alert, indicating suspicious lateral movement activity involving the use of PsExec. To effectively respond to this incident, your role as a SOC Analyst is to analyze the captured network traffic stored in a PCAP file.Q1.In order to effectively trace the attacker's activities ..

해당 문제는 CyberDefenders의 WebStrike문제에 대한 풀이입니다.1. Challenge descriptionAn anomaly was discovered within our company's intranet as our Development team found an unusual file on one of our web servers. Suspecting potential malicious activity, the network team has prepared a pcap file with critical network traffic for analysis for the security team, and you have been tasked with analyzing the pcap.Q1..

해당 문제는 CyberDefenders의 PoisonedCredentials문제에 대한 풀이입니다.1. Challenge descriptionYour organization's security team has detected a surge in suspicious network activity. There are concerns that LLMNR (Link-Local Multicast Name Resolution) and NBT - NS (NetBIOS Name Service) poisoning attacks may be occurring within your network. These attacks are known for exploiting these protocols to intercept net..

해당 문제는 CyberDefenders의  Tomcat Takeover 문제에 대한 풀이입니다.1. Challenge descriptionOur SOC team has detected suspicious activity on one of the web servers within the company's intranet. In order to gain a deeper understanding of the situation, the team has captured network traffic for analysis. This pcap file potentially contains a series of malicious activities that have resulted in the compromise of..