A developer linux server has been compromised, and you have been assigned as the forensic investigator to determine exactly what happened. You have access to the both Linux machine developer & vpn linux servers that may reveal how the attacker accessed the environment. Your goal is to analyze the available evidence, reconstruct the attack timeline, identify the attacker’s actions after gaining access, and determine how they maintained control of the system. Throughout the investigation, correlate artifacts from the Linux system and VPN logs to uncover the complete attack chain.
Initial Access : Discover how the attacker initially compromised the server through misconfigurations.
Persistence : Discover how the attacker maintained access to the compromised system.
Privilege Escalation: Identify the techniques used by the attacker to escalate privileges on the Linux system.
Discovery : Identify how the attacker gathered information about the system and environment.
Lateral Movement : Investigate whether the attacker used remote access to move within the environment.
Collection : Determine what information or files were collected by the attacker.
Command and Control : Identify how the compromised system communicated with the attacker’s infrastructure.
Exfiltration : Determine whether any data was transferred outside the environment.
Malware Analysis: Examine how the malware was deployed by the attacker on the system.
Log Analysis: Analyze system logs to trace the attacker’s actions and timeline.
Remediation: Learn best practices to secure the system and prevent similar breaches in the future.
You will get access to all the evidence collected from the breached servers.
Password: threatbreach.io
| Link To Evidence | SHA256 |
|---|---|
| 🔗 Developer-machine.tar | 9d0f00ce6ec63b478333cfd6fdf9bc320449f1ebf84b503c3ec953ad2863861b |
| 🔗 Developer-machine-tcpdump.pcap | 21b331c4f5fe40924ae7994f428c575e2b60c423fab9849aa402e467fe406621 |
| 🔗 VPN-Server.tar | b3be75dfec6b0e5ad4323f98192fd9e9ed84f62d52e3cdaace0bc5f68a674972 |
| 🔗 VPN-Server-tcpdump.pcap | 968b200b134f041a8fe7683ce6f848d49872f5aaa89eaffcb940a35c576d2f3e |
Writeup will be published soon, If you want to send your writeup to be evaluated share it on labs[@]threatbreach.io