Logless Hunt

To access material, start machines and answer questions login.

In this room, as a team member, you were tasked with supporting a medium-sized company in its efforts to investigate and recover from a cyberattack in which threat actors cleared Windows Security logs and hoped to remain undetected.

The room is intended for team members and L2/L3 analysts who want to be better prepared during scenarios in which a cyberattack does not leave any obvious traces but still must be investigated using built-in tools and artifacts.

Learning Objectives

Get acquainted with different Windows logs, some even more helpful than Security logs
Investigate a realistic attack scenario, from web exploitation up to credential access

Prerequisites

Before moving on, it is recommended to be familiar with Windows , its logging capabilities and common attack techniques. Great rooms to start with:

Notice: This room includes both guided walkthroughs along with independent challenges that rely on knowledge gained in other rooms. Prepare for both!

Answer the questions below

Let's begin!

Ready to learn Cyber Security?

The Logless Hunt room is only available for premium users. Signup now to access more than 500 free rooms and learn cyber security through a fun, interactive learning environment.

Already have an account? Log in

Logless Hunt

Task 1Introduction

Learning Objectives

Prerequisites

Task 2ScenarioPremium

Task 3Initial Access | Web Access LogsPremium

Task 4From Web to RDP | PowerShell LogsPremium

Task 5Breached Admin | RDP Session LogsPremium

Task 6Persistence Traces | Scheduled TasksPremium

Task 7Credential Access | Windows DefenderPremium

Task 8ConclusionPremium

Ready to learn Cyber Security?