The answers for the Stolen Szechuan Sauce are here.

A humble recommendation: require that students produce screenshots with their names in a report explaining their findings, since the answers are here.

This interview was conducted while retrieving the artifacts from the system using FTK Imager Lite and a Redline Collector.

A: On the bellllcchhhh File Server on the Domain Controller.

Q: What was the Operating System version of this server?

A: Belch. Whatever that idiot Jerry put on there a few years back.

Q: May I have a network map where the affected systems were located?

A: All the systems were loc- bellllch-ated in 10.42 something something.

Q: Were there any other systems or files you are concerned about?

A: Morty is ramble belllch rambling on about something he might have had on there. Also, there was a secret about Be belllech …. So if you find it, and YOU TELL ANYBODY I WILL KILL YOU!

Note: This incident occurred at an organization located in Colorado in September. (The threat here matches a character from a popular cartoon and not any real threat, so stay calm.)

The questions here are not a full example of what to ask during a breach. Keep this in mind when looking at the output of various tools.

1. Was malware used? If so, what was it? If there was malware, answer the following:
   - Identify the IP Address that delivered the payload.
   - What IP Address is the malware calling to?
   - What were the capabilities of this malware?
   - Was this malware installed with persistence on any machine?
2. What malicious IP Addresses were involved?
   - Were any IP Addresses from known adversary infrastructure?
   - Are these pieces of adversary infrastructure involved in other attacks around the time of the attack?
3. Did the attacker access any other systems?
4. Did the attacker steal or access any data?
5. What was the network layout of the victim network?
6. What architecture changes should be made immediately?
7. Did the attacker steal the Szechuan sauce? If so, what time?
8. Did the attacker steal or access any other sensitive files? If so, what times?
9. Finally, when was the last known contact with the adversary?
10. What CIS Top 20 or SANS Top 20 Controls would have directly prevented this breach?
11. What major architecture improvement could be made that would have prevented this breach?
12. Can you identify policy improvements or controls that should be implemented to secure this environment?
13. Which users have actually logged onto the DC?
14. Which users have actually logged onto the Desktop machine?
15. What are the passwords for the users in the domain?
16. Can you recover the original file about Beth's Secrets?
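The two logon questions (which users actually logged onto the DC and onto the Desktop) turn on the logon type recorded in Security event ID 4624: a Network (type 3) logon produced by someone touching a file share is not evidence that a person had a session on the host, whereas Interactive (2), RemoteInteractive (10) and CachedInteractive (11) logons are. The following is an added example, not code from the challenge or its author: a small Python triage over constructed 4624-style records. The field names mirror the 4624 schema, but every user, host, timestamp and address, and the 10.42.0.0/16 internal range, are assumed sample values.

```python
"""Triage Windows logon events (Security event ID 4624) to answer
"which users actually logged onto this host?".

Added example, not code from the Stolen Szechuan Sauce challenge. The
records below are constructed: field names follow the 4624 schema
(TargetUserName, LogonType, IpAddress), values are invented.
"""
import ipaddress
from collections import defaultdict

# 4624 LogonType values that mean a person (or someone holding that
# person's credentials) obtained a console or desktop session on the host.
INTERACTIVE_TYPES = {2: "Interactive", 10: "RemoteInteractive", 11: "CachedInteractive"}
# Logon types that do NOT by themselves show a human session on the host:
# SMB/share access, scheduled tasks, services, screen unlock, runas.
NON_INTERACTIVE_TYPES = {3: "Network", 4: "Batch", 5: "Service", 7: "Unlock",
                         8: "NetworkCleartext", 9: "NewCredentials"}
# Accounts that show up in 4624 constantly but never answer the question.
BUILTIN_NOISE = {"SYSTEM", "ANONYMOUS LOGON", "LOCAL SERVICE", "NETWORK SERVICE"}

# Constructed sample events (not taken from the challenge image).
SAMPLE_EVENTS = [
    {"TimeCreated": "2020-09-18T20:01:13Z", "TargetUserName": "jerry", "LogonType": 2, "IpAddress": "-"},
    {"TimeCreated": "2020-09-18T20:05:40Z", "TargetUserName": "DESKTOP01$", "LogonType": 3, "IpAddress": "10.42.1.31"},
    {"TimeCreated": "2020-09-18T20:06:02Z", "TargetUserName": "morty", "LogonType": 3, "IpAddress": "10.42.1.31"},
    {"TimeCreated": "2020-09-18T20:09:55Z", "TargetUserName": "SYSTEM", "LogonType": 5, "IpAddress": "-"},
    {"TimeCreated": "2020-09-19T02:21:47Z", "TargetUserName": "administrator", "LogonType": 10, "IpAddress": "203.0.113.7"},
    {"TimeCreated": "2020-09-19T02:24:10Z", "TargetUserName": "administrator", "LogonType": 3, "IpAddress": "10.42.1.31"},
    {"TimeCreated": "2020-09-19T02:30:00Z", "TargetUserName": "ANONYMOUS LOGON", "LogonType": 3, "IpAddress": "10.42.1.31"},
    {"TimeCreated": "2020-09-19T08:12:31Z", "TargetUserName": "jerry", "LogonType": 2, "IpAddress": "-"},
]


def is_noise_account(name):
    """Machine accounts end in '$'; the built-ins never represent a person."""
    return name.endswith("$") or name.upper() in BUILTIN_NOISE


def summarize_logons(events):
    """Group 4624 events per account, split into interactive and other.

    Returns {user: {"interactive": [(time, type_name, ip), ...],
                    "other":       [(time, type_name, ip), ...]}}.
    """
    summary = defaultdict(lambda: {"interactive": [], "other": []})
    for ev in events:
        user = ev["TargetUserName"]
        if is_noise_account(user):
            continue
        ltype = int(ev["LogonType"])
        type_name = INTERACTIVE_TYPES.get(ltype) or NON_INTERACTIVE_TYPES.get(ltype, f"Type{ltype}")
        bucket = "interactive" if ltype in INTERACTIVE_TYPES else "other"
        summary[user.lower()][bucket].append((ev["TimeCreated"], type_name, ev["IpAddress"]))
    return dict(summary)


def users_who_actually_logged_on(events):
    """Accounts with at least one interactive-class logon, sorted by name."""
    return sorted(u for u, s in summarize_logons(events).items() if s["interactive"])


def interactive_logons_from_outside(events, internal_nets=("10.42.0.0/16",)):
    """RemoteInteractive (RDP) sessions whose source address lies outside the
    victim's internal ranges (assumed here to be 10.42.0.0/16)."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    hits = []
    for ev in events:
        if int(ev["LogonType"]) != 10 or is_noise_account(ev["TargetUserName"]):
            continue
        try:
            src = ipaddress.ip_address(ev["IpAddress"])
        except ValueError:  # console logons carry "-" instead of an address
            continue
        if any(src in net for net in nets):
            continue
        hits.append((ev["TimeCreated"], ev["TargetUserName"].lower(), str(src)))
    return hits


if __name__ == "__main__":
    for user, s in sorted(summarize_logons(SAMPLE_EVENTS).items()):
        print(f"{user}: {len(s['interactive'])} interactive, {len(s['other'])} other")
    print("actually logged on:", users_who_actually_logged_on(SAMPLE_EVENTS))
    print("RDP from outside:", interactive_logons_from_outside(SAMPLE_EVENTS))
```

On the sample data `morty` appears only through a type 3 share access and so is not reported as having logged on, the machine and built-in accounts are dropped, and the one RemoteInteractive logon from an address outside 10.42.0.0/16 is surfaced separately, since on a domain controller that is the first record to chase.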