Instructions: Uncompress the lab (pass: cyberdefenders.org) Load suricatarunner.exe and suricataupdater.exe in BrimSecurity. Uncompress suricata.zip and move suricata.rules to “.\var\lib\su...
Scenario: An accountant at your organization received an email regarding an invoice with a download link. Suspicious network traffic was observed shortly after opening the email. As a SOC analyst,...
Table of Contents: 1) Session Initiation Protocol (SIP): what is it? - Why is it used? - What is it used for? - How do I use it? - How does it work? 2) Finding a vulnerability on the SIP: (usi...
Scenario: An anomaly was discovered within our company’s intranet as our Development team found an unusual file on one of our web servers. Suspecting potential malicious activity, the network team...
Scenario: You are a cybersecurity analyst working in the Security Operations Center (SOC) of BookWorld, an expansive online bookstore renowned for its vast selection of literature. BookWorld pride...
Scenario: Our Intrusion Detection System (IDS) has raised an alert, indicating suspicious lateral movement activity involving the use of PsExec. To effectively respond to this incident, your role ...
[Retired] Scenario: Our SOC team has detected suspicious activity on one of the web servers within the company’s intranet. In order to gain a deeper understanding of the situation, the team has c...
Introduction In the previous few rooms, we learned about performing forensics on Windows machines. While Windows is still the most common Desktop Operating System, especially in enterprise environ...
Introduction Volatility is a free memory forensics tool developed and maintained by Volatility Foundation, commonly used by malware and SOC analysts within a blue team or as part of their detectio...
Windows 10 Disk Image In the attached VM, there is an Autopsy case file and its corresponding disk image. After loading the .aut file, make sure to re-point Autopsy to the disk image file. Start ...