
ContAInment

Can you help contain the ransomware threat with the help of AI?

medium

60 min


Your Mission

You are a Security Analyst at West Tech, a classified defence and R&D contractor. Early this morning, internal monitoring systems flagged unusual network activity originating from the workstation of senior researcher Oliver Deer. Upon accessing the machine, a ransom note was discovered on the desktop, suggesting that sensitive project data had been exfiltrated and encrypted. Your job is to investigate the incident: identify how the attacker gained access, trace their actions, recover any stolen data, and neutralise the threat. Time is critical; the of West Tech’s most sensitive technologies may be at risk.

Your Set Up

Set up your virtual environment

To successfully complete this room, you'll need to set up your virtual environment. This involves starting both your AttackBox (if you're not using your VPN) and Target Machines, ensuring you're equipped with the necessary tools and access to tackle the challenges ahead.

After giving your machines a couple of minutes to boot up, you’ll have access to:

  • A workstation environment. You have been granted access to the affected employee's workstation. You can access this from the AttackBox (or your personal machine if you are connected to the VPN) via:
    ssh o.deer@MACHINE_IP
    Password: TryHackMe!
  • A trusty AI IR security assistant, armed with "tools" built and designed specifically to help you with the heavy lifting in this challenge. You don't need to trigger them manually: our AI is a smart cookie and can intelligently determine from the prompt context when these tools should be triggered. Some of the tools may provide hints as to when to engage the AI for help, and they are presented in the "available tools" section in the chronological order in which they can be used throughout the investigation. You can simply use it as you would a chatbot. Another cool feature is that this AI is deployed on the same system as the workstation you are investigating, so it has access to all the files you do, meaning you can give it file paths in your queries. The AI is accessible via: http://MACHINE_IP:7860/?__theme=light

This challenge is built to reflect a real defensive scenario, where all tasks can be accomplished without the use of your companion and its tools, but can be done with far more efficiency when taken advantage of. And with that, you're all set to go! Can you help save the day and contAIn the threat?

Note: Your assistant takes some time to wake up, so the first prompt may take a little longer to respond to than subsequent prompts.

Answer the questions below

Can you contAIn the threat and find the flag?
