Description
During the summer of 2022, an operator of vital importance (OIV) alerts the ANSSI because it believes it is the victim of a major cyber attack. The OIV’s security operation center (SOC) sends an export of its system collection over the last few days. Your job is to understand the attacker’s actions.
Note: The 5 parts are numbered in the chronological order of the attack, but it is not necessary to solve them in order.
Over a short period of time, the attacker tried to connect to numerous machines, as if trying to reuse the secrets stolen in part 2.
This enabled him to connect to the Workstation2 machine.
Find the source IP, the account used and the UTC time of this connection.
Flag format (case insensitive): FCSC{192.168.42.27|MYCORP\Technician|2021-11-27T17:38:54}
This challenge has been split into five parts:
Files
-
soc_events.zip
481.70 MiB – b276816ec987a8c2874cb2f3ca18a70bf0857dcbe4d766d07dbf7bd256890084
Author
Flag
Submit your solution
You can submit your writeup for this challenge. Read the FAQ to learn how to proceed.
You need to be logged in to submit a writeup.
Writeups
There are no public solutions for this challenge yet, but you can submit yours after getting the flag.