Tempest

This room aims to introduce the process of analysing endpoint and network logs from a compromised asset. Given the artefacts, we will aim to uncover the incident from the Tempest machine. In this scenario, you will be tasked to be one of the Incident Responders that will focus on handling and analysing the captured artefacts of a compromised machine.

Prerequisites

Before we start, this room requires basic knowledge of endpoint and network security analysis. It is highly recommended to go through the following rooms before attempting this challenge.

Investigation Environment

For this incident, we have provided a Windows machine at your disposal. You may deploy the machine by clicking the Start Lab Machine button in the upper-right-hand corner of the task.

Start Lab Machine button.

Note: The machine takes a minute to initialise. You may start accessing it once the IP address has been provided.

The machine will start in a split-screen view. In case the is not visible, use the blue Show Split View button at the top-right of the page.

Credentials

Username

user

Password

Investigatem3!

IP address

MACHINE_IP

Connection via

Answer the questions below

I have successfully connected to the Lab Machine.

Tempest

Task 1IntroductionTask includes a deployable machine

Task 2Preparation - Log AnalysisPremium

Task 3Preparation - Tools and ArtifactsPremium

Task 4Initial Access - Malicious DocumentPremium

Task 5Initial Access - Stage 2 executionPremium

Task 6Initial Access - Malicious Document TrafficPremium

Task 7Discovery - Internal ReconnaissancePremium

Task 8Privilege Escalation - Exploiting PrivilegesPremium

Task 9Actions on Objective - Fully-owned MachinePremium

Ready to learn Cyber Security?