Skip to main contentSkip to main content
Room Banner
Room Icon

Tempest

Premium room

You are tasked to conduct an investigation from a workstation affected by a full attack chain.

medium

120 min

20,472

User profile photo.
User profile photo.

To access material, start machines and answer questions login.

This room aims to introduce the process of analysing endpoint and network logs from a compromised asset. Given the artefacts, we will aim to uncover the incident from the Tempest machine. In this scenario, you will be tasked to be one of the Incident Responders that will focus on handling and analysing the captured artefacts of a compromised machine.

Prerequisites

Before we start, this room requires basic knowledge of endpoint and network security analysis. It is highly recommended to go through the following rooms before attempting this challenge.

 Investigation Environment

For this incident, we have provided a Windows machine at your disposal. You may deploy the machine by clicking the Start Machine button in the upper-right-hand corner of the task.

Start Machine button.

Note: The machine takes a minute to initialise. You may start accessing it once the IP address has been provided.

The machine will start in a split-screen view. In case the is not visible, use the blue Show Split View button at the top-right of the page.

Lastly, you may use the following information if you prefer accessing the machine via :
Machine IP: MACHINE_IP
User: user
Pass: Investigatem3!
Answer the questions below
I have successfully connected to the Virtual Machine.

Ready to learn Cyber Security?

The Tempest room is only available for premium users. Signup now to access more than 500 free rooms and learn cyber security through a fun, interactive learning environment.

Already have an account? Log in

We use cookies to ensure you get the best user experience. For more information see our cookie policy.