Tempest

Premium room

You are tasked to conduct an investigation from a workstation affected by a full attack chain.

medium

120 min

22,120

Set up your virtual environment

To successfully complete this room, you'll need to set up your virtual environment. This involves starting both your AttackBox (if you're not using your VPN) and Target Machines, ensuring you're equipped with the necessary tools and access to tackle the challenges ahead.

This room introduces the process of analysing endpoint and network logs from a compromised asset. Given the artefacts, we will aim to uncover the incident from the Tempest machine. In this scenario, you are one of the Incident Responders, focusing on handling and analysing the captured artefacts of a compromised machine.

Prerequisites

Before we start, this room requires basic knowledge of endpoint and network security analysis. It is highly recommended to go through the following rooms before attempting this challenge.

Investigation Environment

For this incident, we have provided a Windows machine at your disposal. You may deploy the machine by clicking the Start Lab Machine button in the upper-right-hand corner of the task.

Note: The machine takes a minute to initialise. You may start accessing it once the IP address has been provided.
 
The machine will start in a split-screen view. In case it is not visible, use the blue Show Split View button at the top-right of the page.

Credentials

Username: user
Password: Investigatem3!
IP address: MACHINE_IP
Connection via

Answer the questions below
I have successfully connected to the Lab Machine.