
Web Investigation

easy 10 tasks 1 hour
Analyze The PCAP File
An IDS alert reports an abnormal increase in database queries, which could be an indicator of potential malicious activity. This abnormal activity raises immediate concerns about the security of customer data and internal networks. The COO has requested an immediate investigation. As the primary analyst assigned to this case, your role is to analyze the network traffic. Your goals are to determine how the attack was carried out, evaluate whether any sensitive data was compromised, and establish whether the attacker penetrated deeper into the infrastructure.

Introduction

1 Points

In this lab, you will step into the role of a security analyst responding to a potential cyber incident. An automated alert from the monitoring system has identified an unusual surge in database queries and server resource usage, indicating possible malicious activity.

Your task is to investigate the network traffic and determine the nature of the threat. By the end of this lab, you should be able to identify the attack vector, evaluate the risk of a data breach, and assess whether the attacker gained deeper access to internal systems.

This hands-on exercise will reinforce key incident response, threat identification, and investigative techniques used in real-world security operations.


Walkthrough:

https://medium.com/@aayushtiruwa120/web-investigation-blue-team-lab-cyberdefenders-cacfaf78f5b5


Now:

  1. Run the machine provided for this lab.
  2. Navigate to the Downloads folder to locate the needed file and start your analysis.


Click Complete once you finish the task.

Attacker IP Address

5 Points

Can you provide the attacker's IP?

Full Match Answer:

Geographical Location of Attacker IP address

5 Points

Can you determine the location of the attacker?

Full Match Answer:

Exploited Page

10 Points

Can you provide the vulnerable page name?

Full Match Answer:

Initial Exploitation Attempt

5 Points

What was the web server timestamp of the attacker's first SQL injection attempt?

Answer format: HH:MM:SS


List of Answers:

Access and Read Web Server

5 Points

Identify the HTTP request sent by the attacker to exploit a vulnerability and extract database schema names.

Full Match Answer:

Data Breach and Data Access

5 Points

What's the database table containing the website clients data?

Full Match Answer: