Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/rosesecurity/obfusc8ted
You and the AppleLabs' Incident Response Team have been notified of a potential breach of a Human Resources workstation. According to the Human Resources representative, they did not notice any anomalous activity while browsing the web, but the AppleLabs' security information and event management (SIEM) instance alerted on a suspicious domain. Moments later, the host-based intrusion detection system (HIDS) alerted on several malicious programs acting as potential keyloggers. While the AppleLabs' IT and Incident Response Teams struggle to find the answers, can you lend us your digital forensic experience to hunt down this threat actor?
- Host: GitHub
- URL: https://github.com/rosesecurity/obfusc8ted
- Owner: RoseSecurity
- Created: 2021-11-28T07:28:32.000Z (about 3 years ago)
- Default Branch: main
- Last Pushed: 2021-12-02T15:46:31.000Z (about 3 years ago)
- Last Synced: 2024-05-01T17:47:47.014Z (8 months ago)
- Homepage:
- Size: 1.24 MB
- Stars: 74
- Watchers: 3
- Forks: 4
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# Obfusc8ted:
## Starting Point:
Password = hackthebox
```
# work from the home directory and create a dedicated challenge folder
cd ~
mkdir Obfusc8ted
cd Obfusc8ted
# fetch the challenge repository
git clone https://github.com/RoseSecurity/Obfusc8ted
# the challenge archive is assumed to ship inside the cloned repository
cd Obfusc8ted
# unzip prompts for the archive password given above (hackthebox)
unzip Obfusc8ted.zip
```

## Objective:
Learn new techniques to parse obfuscated network traffic in an attempt to identify malicious threat actors' intentions.
## Difficulty:
```
Easy
```

## Flag Format:
```
HTB{s0me_fl4g_her3}
```

## Author(s):
```
Kleptocratic and RoseSecurity
```

## Walkthrough:
The password for Walkthrough.zip is the final flag, but if you could not discover the answer, check out https://medium.com/@RoseSecurity/obfusc8ted-walkthrough-making-sense-of-malware-infested-network-traffic-8b61c2c60c4e!
## Happy Hunting!
![content-blog-cybersecurity-threat-hunting-risk-19003-001n](https://user-images.githubusercontent.com/72598486/143734115-394cb6a1-37c6-4f65-82e4-b57a31fb6ad3.jpg)