Challenge brief: An attacker has found a vulnerability in our web server that allows arbitrary PHP file upload to our Apache server. Suchlike, the hacker has uploaded what seems to be an obfuscated shell (support.php). We monitor our network 24/7 and generate logs from tcpdump (we provided the log file for the period of two […]


Challenge brief: Suspicious traffic was detected from a recruiter’s virtual PC. A memory dump of the offending VM was captured before it was removed from the network for imaging and analysis. Our recruiter mentioned he received an email from someone regarding their resume. A copy of the email was recovered and is provided for reference. […]