SOC Simulator 4/5 - Latéralisation

forensics logs FCSC 2024 solved on

star

Description

During the summer of 2022, an operator of vital importance (OIV) alerts the ANSSI because it believes it is the victim of a major cyber attack. The OIV’s security operation center (SOC) sends an export of its system collection over the last few days. Your job is to understand the attacker’s actions.

Note: The 5 parts are numbered in the chronological order of the attack, but it is not necessary to solve them in order.


Over a short period of time, the attacker tried to connect to numerous machines, as if trying to reuse the secrets stolen in part 2. This enabled him to connect to the Workstation2 machine. Find the source IP, the account used and the UTC time of this connection.

Flag format (case insensitive): FCSC{192.168.42.27|MYCORP\Technician|2021-11-27T17:38:54}

This challenge has been split into five parts:

Files

  • soc_events.zip
    481.70 MiB – b276816ec987a8c2874cb2f3ca18a70bf0857dcbe4d766d07dbf7bd256890084

Author

ribt

Flag

Share my success on Fediverse, Twitter, Linkedin, Facebook, or via email.

Submit your solution

You can submit your writeup for this challenge. Read the FAQ to learn how to proceed.

You need to be logged in to submit a writeup.

Writeups

There are no public solutions for this challenge yet, but you can submit yours after getting the flag.