Summary
A developer linux server has been compromised, and you have been assigned as the forensic investigator to determine exactly what happened. You have access to the both Linux machine developer & vpn linux servers that may reveal how the attacker accessed the environment. Your goal is to analyze the available evidence, reconstruct the attack timeline, identify the attacker's actions after gaining access, and determine how they maintained control of the system. Throughout the investigation, correlate artifacts from the Linux system and VPN logs to uncover the complete attack chain.
Summary
In this lab, you will explore how attackers can exploit permissions in the AWS cloud to collect details, perform reconnaissance, and exfiltrate data. From the defender's perspective, you will use AWS CloudTrail, S3 access logs to detect suspicious activities and unauthorized access.
Summary
In this hands-on lab, you will dive into a real-world scenario where a Linux server has been breached. The attacker exploited various misconfigurations to gain unauthorized access and deployed malware on the system. Your task is to investigate the breach, identify the misconfigurations, and analyze the deployed malware to understand the attacker's actions and objectives.
Summary
In this lab, you will explore how attackers can exploit user trust. A seemingly legitimate script is executed by the user without proper verification, unknowingly opening a backdoor for threat actors.
Summary
In this lab, you will explore how attackers can exploit misconfigurations in the AWS cloud to collect details, perform reconnaissance, and exfiltrate data. You will learn to identify and exploit common vulnerabilities, such as overly permissive IAM roles and public S3 buckets.