Skip to main contentSkip to main content
Room Banner
Room Icon

Benign

Premium room

Challenge room to investigate a compromised host.

medium

150 min

39,160

User profile photo.
User profile photo.

To access material, start machines and answer questions login.

Set up your virtual environment

To successfully complete this room, you'll need to set up your virtual environment. This involves starting both your AttackBox (if you're not using your VPN) and Target Machines, ensuring you're equipped with the necessary tools and access to tackle the challenges ahead.
Attacker machine
Status:Off
Lab machine
Status:Off

We will investigate host-centric logs in this challenge room to find suspicious process execution. To learn more about and how to investigate the logs, look at the rooms splunk101 and splunk201.

Room Machine

Before moving forward, deploy the machine. When you deploy the machine, it will be assigned an IP. Access this room via the AttackBox, or via the at MACHINE_IP. The machine will take up to 3-5 minutes to start. ll the required logs are ingested in the index win_eventlogs.

Answer the questions below
Connect with the lab.

We use cookies to ensure you get the best user experience. For more information see our cookie policy.