BTLO Replay: HOOKED | Incident Response Lab Walkthrough
Author: Security Blue Team
Uploaded: 2023-10-20
Views: 592
Description:
Welcome to BTLO Replay, a video series that will take you through retired BTLO labs. Videos posted every Friday at 6pm BST.
This week’s lab is HOOKED, an incident response investigation.
Difficulty: Hard
The HOOKED scenario:
You just received a contract from a small team at a start-up company. They have a blog and recently people started complaining that their social media accounts were being hijacked. No doubt it’s not a coincidence that all those people visited the blog in the last 10 days. They took down the blog immediately to prevent possible future attacks.
During an initial meeting, a representative from the company stated: “We started the blog a month ago. We are a small team and do not have any financial backers yet. This is why we had not hired anyone to look after security of the blog to save some money. Also, our developers write pretty secure code. The attackers permanently removed the website access logs before we could retrieve them. I know it is our fault for not enabling proper logging and monitoring, but still, we need your help now. Can you find what happened?”
0:00 – Introduction
0:34 – Lab scenario and initial thoughts
2:11 – Overview of questions
3:50 – Question 2
24:36 – Question 3
26:46 – Question 5
27:11 – Question 4 (root users alpha)
28:45 – Question 3 & 7
37:14 – Question 7 answer
42:19 – Question 3 answer
42:20 – Question 6
50:38 – Question 8
53:22 – Question 1
59:40 – Summary
--
Powered by global blue team training provider, Security Blue Team, BTLO is a gamified platform for defenders to sharpen their skills during engaging security investigation and challenge scenarios.
The BTLO Replay series takes viewers through walkthroughs of retired labs. Visit the BTLO website to take on these challenges for yourself and discover new labs launching regularly.
SUBSCRIBE: / @blueteamlabsonline
WEBSITE: https://blueteamlabs.online
DISCORD: / discord
TWITTER: / bluelabsonline
LINKEDIN: / blue-team-labs-online