An overview of the attack chain is provided in the table below:
| Tactic | Technique | Activity |
|---|---|---|
| Initial Access | T1078 - Valid Accounts: Local Accounts | Liam used his valid credentials to log into his workstation. |
| Discovery | T1083 - File and Directory Discovery | Liam searches for critical files in the file explorer. |
| Collection | T1560 - Archive Collected Data: Archive via Utility | Liam copies the zip file from the USB to his workstation and unzips it. |
| Exfiltration | T1048 - Exfiltration Over Alternative Protocol | Liam executes a file responsible for uploading any future data in the Documents folder to the external entity. |
| Defense Evasion | T1070.004 - File Deletion | Liam deletes the extracted zip folder after performing the exfiltration. |
| Execution | T1059.001 - Command and Scripting Interpreter: | Liam executes a command to get some information about the system as per the plan provided by the external entity helping him. |
The DiskFiltration room is only available for premium users.
