• Tags
3Cs
7Ps
Achievements
Agriculture
AI
Air Batteries
Aluminium
Analysis
Android
App
Arduino
Argument
Attitude
Autonomous Vehicles
Bash
Batteries
Biases
Biochar
Blue Team Labs Online
Bonds
Book Summary
Bookmarks
Books
Boookmarklets
Buildings
Business
Business Analysis
Business Model
Business Model Canvas
Business Models
CAES
Capital
Carbon
Carbon Capture
Career
Cars
Case Study
CCUS
Certifications
CFI
ChatGPT
Chemistry
China
Circular Economy
Classification
Climate
Clustering
CO2
CODESYS
Communities
Compassion
Competitor Analysis
Compressed CO2
Computing
Conference Talk
Connected Vehicles
Construction
Consulting
Consumption
Contemplation
Contemplations
Corporate Finance
Cost-Benefit Analysis
Coursera
Courses
CPD
Creativity
Crisis
Customer Analysis
CyberDefenders
Cycles
DAC
Data Analysis
Data Science
Dating
Debt
Decision Making
Desertec
Design
Digital Forensics
Distributed Energy
Distribution Networks
E-Bikes
E-Scooters
Economic Cycles
Education
EdX
Efficiency
Electric Vehicles
Electricity
Electrification
Electrochemical Batteries
Emissions
Emotions
EndMyopia
Energy
Energy Storage
Entomophagy
Entrepreneurship
EVs
Eyesight
Family
Farming
Farnam Street
Fears
Finance
Finances
Flow Batteries
Focus
Food
Future
Geology
Geopolitics
GMAT
Go-to-Market
Green
Greenwashing
Grid Storage
Growth
Growth Strategy
Happiness
Health
Heat Pumps
Hobbies
Housing
Human Nature
Humanity
Hydrogen
IEA
Industry Analysis
Innovation
Insects
Internet
IT
JavaScript
Journalling
Korea
Korean
LAES
Languages
Learning
LinkedIn
Lithium
Living
LLMs
Logical Fallacies
Logistics
London
M&A
Market Entry
Market Research
Market Strategy
Marketing
Markets
Massless Batteries
Maths
MECE
Mechanical Batteries
Media
Meditation
Memories
Mental Blindspots
Mental Health
Mental Models
Micromobility
Mindset
Mobility
Modelling
Molten Metal
Molten Salt
Motivation
Motorbikes
Myopia
Networking
Oceans
Oil
Open University
OpenPLC
Operational Technology
Opportunity
Opportunity Cost
Personal Development
Personalities
Plants
Plastic
Policy
Politics
Pollution
Porter's Five Forces
Product Analysis
Product Design
Product Management
Productivity
Projects
Psychology
Public Transport
Pumped Hydro
Python
Reasoning
Recycling
Reflecton
Regex
Relationships
Renewable Energy
Sales
Samsara
Sand Batteries
Scooters
Scripting
Security Monitoring
Segmentation
Self-Control
Sex
Shared Mobility
Silver
Skills
Society
Sodium
Solar
STEEPLE
Stocks
Strategy
Structure
Success
Supply Chain
Sustainability
SWOT
Theories
Thermal Batteries
Thoughts
Time Management
Time Series
Traffic
Transmission Networks
Trauma
Travel
Trees
TryHackMe
V2G
Valuation
Value Chain
Value Proposition
Value Proposition Canvas
Vanadium
Vertical Farming
War
Water Batteries
Wealth
Wind
Work
YouTube
Zinc Bromine
한국어
한국어로

HoneyBOT (pcap Analysis)

https://cyberdefenders.org/labs/45 Contents Description Tools Questions 1. What is the attackers IP address? 2. What is the targets IP address? 3. Provide the country code for the attackers IP address (a.k.a geo-location). 4. How many TCP sessions are present in the captured traffic? 5. How long did it take to perform the attack (in seconds)? 6. No question 6 . . . 7. Provide the CVE number of the exploited vulnerability. 8. Which protocol was used to carry over the exploit? 9. Which protocol did the attacker use to download additional malicious files to the target system? 10. What is the name of the downloaded malware? 11. The attackers server was listening on a specific port. Provide the port number. 12. When was the involved malware first submitted to VirusTotal for analysis? 13. What is the key used to encode the shellcode? 14. What is the port number the shellcode binds to? 15. The shellcode used a specific technique to determine its location in memory. What is the OS file being queried during this process? Comments? Description A PCAP analysis exercise highlighting attacker’s interactions with honeypots and how automatic exploitation works. (Note that the IP address of the victim has been changed to hide the true location.)

• CyberDefenders

Monday, October 11, 2021 | 5 minutes Read

XLM Macros (Document Analysis)

https://cyberdefenders.org/labs/55 Contents Description Helpful Tools Questions 1: Sample1: What is the document decryption password? 2. There is no question 2 . . . 3: Sample1: This document contains six hidden sheets. What are their names? Provide the value of the one starting with S. 4: Sample1: What URL is the malware using to download the next stage? 5: Sample1: What malware family was this document attempting to drop? 6: Sample2: This document has a very hidden sheet. What is the name of this sheet? 7: Sample2: This document uses reg.exe. What registry key is it checking? 8: Sample2: From the use of reg.exe, what value of the assessed key indicates a sandbox environment? 9: Sample2: This document performs several additional anti-analysis checks. What Excel 4 macro function does it use? 10: Sample2: This document checks for the name of the environment in which Excel is running. What value is it using to compare? 11: Sample2: What type of payload is downloaded? 12: Sample2: What URL does the malware download the payload from? 13: Sample2: What is the filename that the payload is saved as? 14: Sample2: How is the payload executed? For example, mshta.exe 15: Sample2: What was the malware family? Comments? Description Recently, we have seen a resurgence of Excel-based malicous office documents. Howerver, instead of using VBA-style macros, they are using older style Excel 4 macros. This changes our approach to analyzing these documents, requiring a slightly different set of tools. In this challenge, you’ll get hands-on with two documents that use Excel 4.0 macros to perform anti-analysis and download the next stage of the attack.

• CyberDefenders

Wednesday, September 1, 2021 | 6 minutes Read

L'Espion (OSINT)

https://cyberdefenders.org/labs/73 Contents Description Questions 1: Github.txt: What is the API key the insider added to his GitHub repositories? 2: Github.txt: What is the plaintext password the insider added to his GitHub repositories? 3: Github.txt: What cryptocurrency mining tool did the insider use? 4: What university did the insider go to? 5: What gaming website the insider had an account on? 6: What is the link to the insider Instagram profile? 7: Where did the insider go on the holiday? (Country only) 8: Where is the insiders family live? (City only) 9: office.jpg: You have been provided with a picture of the building in which the company has an office. Which city is the company located in? 10: Webcam.png: With the intel, you have provided, our ground surveillance unit is now overlooking the person of interests suspected address. They saw them leaving their apartment and followed them to the airport. Their plane took off and has landed in another country. Our intelligence team spotted the target with this IP camera. Which state is this camera in? Comments? Description You have been tasked by a client whose network was compromised and brought offline to investigate the incident and determine the attacker’s identity.

• CyberDefenders

Tuesday, August 17, 2021 | 5 minutes Read

AfricaFalls (Disk Image Forensics)

https://cyberdefenders.org/labs/66 Contents Introduction Tools Preparation Questions #1: What is the MD5 hash value of the suspect disk? #2: What phrase did the suspect search for on 2021-04-29 18:17:38 UTC? #3: What is the IPv4 address of the FTP server the suspect connected to? #4: What date and time was a password list deleted in UTC? #5: How many times was Tor Browser ran on the suspects computer? #6: What is the suspects email address? #7: What is the FQDN did the suspect port scan? #8: What country was picture 20210429_152043.jpg allegedly taken in? #9: What is the parent folder name picture 20210429_151535.jpg was in before the suspect copy it to contact folder on his desktop? #10: A Windows password hashes for an account are below. What is the users password #11: What is the user John Does Windows login password? Comments Introduction John Doe was accused of doing illegal activities. A disk image of his laptop was taken. Your task is to analyze the image and understand what happened under the hood.

• CyberDefenders

Sunday, July 18, 2021 | 6 minutes Read

Hammered (Log Analysis)

https://cyberdefenders.org/labs/42 Contents Initial Analysis Initial Findings Manipulating the Logs auth.log - sorted by command then time auth.log - all unique lines sorted by command (excluding timestamp) auth.log - extract commands auth.log - extract IPs www-access.log - extract IPs www-access.log - extract user agents Questions #1 Which service did the attackers use to gain access to the system? #2 What is the operating system version of the targeted system? (one word) #3 What is the name of the compromised account #4 #5 Consider that each unique IP represents a different attacker. How many attackers were able to get access to the system? #6 Which attackers IP address successfully logged into the system the most number of times? #7 How many requests were sent to the Apache Server? #8 How many rules have been added to the firewall? #9 One of the downloaded files to the target system is a scanning tool. Provide the tool name. #10 When was the last login from the attacker with IP 219.150.161.20? #11 The database displayed two warning messages, provide the most important and dangerous one. #12 Multiple accounts were created on the target system. Which one was created on Apr 26 04:43:15? #13 Few attackers were using a proxy to run their scans. What is the corresponding user-agent used by this proxy? Failures Initial Analysis When we first unzip the archive, we get a large number of files. The challenge description says there are only five files (although apache2 is a folder containing three files, so seven in total); however, I found some answers are not in those seven files, so we need to consider all the files in the archive. However, most are in those primary five/seven.

• CyberDefenders

Thursday, May 27, 2021 | 7 minutes Read

MalDoc101 (Document Analysis)

https://cyberdefenders.org/labs/51 Contents Tools Used 1. Multiple streams contain macros in this document. Provide the number of highest one. 2. What event is used to begin the execution of the macros? 3. What malware family was this maldoc attempting to drop? 4. What stream is responsible for the storage of the base64-encoded string? 5. This document contains a user-form. Provide the name? 6. This document contains an obfuscated base64 encoded string; what value is used to pad (or obfuscate) this string? 7. What is the purpose of the base64 encoded string? 8. What WMI class is used to create the process to launch the trojan? 9. Multiple domains were contacted to download a trojan. Provide first FQDN as per the provided hint. Tools Used oledump olevba vmonkey (ViperMonkey) LibreOffice CyberChef sha256sum 1. Multiple streams contain macros in this document. Provide the number of highest one. We can use oledump to dump all the streams:

• CyberDefenders

Monday, April 26, 2021 | 5 minutes Read