Ecosyste.ms: Awesome
https://github.com/rosesecurity/obfusc8ted

# Obfusc8ted:

You and the AppleLabs' Incident Response Team have been notified of a potential breach to a Human Resources' workstation. According to the Human Resources representative, they did not notice any anomalous activity while browsing the web, but the AppleLabs' system information and event management (SIEM) instance alerted on a suspicious domain. Moments later, the host-based intrusion detection system (HIDS) alerted on several malicious programs acting as potential keyloggers. While the AppleLabs' IT and Incident Response Teams struggle to find the answers, can you lend us your digital forensic experience to hunt down this threat actor?

## Starting Point:

Password = hackthebox

```
cd ~
mkdir Obfusc8ted
cd Obfusc8ted                                      # relative path; the original "cd /Obfusc8ted" pointed at the filesystem root
git clone https://github.com/RoseSecurity/Obfusc8ted
cd Obfusc8ted                                      # the clone creates its own Obfusc8ted/ directory containing the archive
unzip Obfusc8ted.zip                               # prompts for the archive password given above
```

## Objective:

Learn new techniques to parse obfuscated network traffic in an attempt to identify malicious threat actors' intentions.

Difficulty:

```
Easy
```

Flag Format:

```
HTB{s0me_fl4g_her3}
```

Author(s):

```
Kleptocratic and RoseSecurity
```

## Walkthrough:

The password for Walkthrough.zip is the final flag, but if you could not discover the answer, check out https://medium.com/@RoseSecurity/obfusc8ted-walkthrough-making-sense-of-malware-infested-network-traffic-8b61c2c60c4e!

## Happy Hunting!

![content-blog-cybersecurity-threat-hunting-risk-19003-001n](https://user-images.githubusercontent.com/72598486/143734115-394cb6a1-37c6-4f65-82e4-b57a31fb6ad3.jpg)