Deep Blue

Blue Team Labs Online | Incident Response

11/6/2023

The Deep Blue investigation requires examining the Windows Security and System event logs.

Scenario

A Windows workstation was recently compromised, and evidence suggests it was an attack against internet-facing RDP, then Meterpreter was deployed to conduct 'Actions on Objectives'. Can you verify these findings? The goal is to find the commands that were used by the
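One way to verify the scenario from the exported logs, as an added example that is not part of the original write-up or of the BTLO lab materials. It assumes the lab provides the logs as Security.evtx and System.evtx in the working directory (assumed paths) and that command-line auditing (policy "Include command line in process creation events") was enabled on the workstation, otherwise the CommandLine field of 4688 is empty. The three queries map to the three claims in the scenario: an RDP logon (4624 with LogonType 10), the failed attempts that usually precede it (4625 grouped by source IP), and the commands run afterwards (4688, plus 7045 service installs in the System log, which is where a Meterpreter session launched via a service would show up). The TargetLogonId of the 4624 is the key that ties the session to the SubjectLogonId of each 4688.

```powershell
# Added example, not from the page or the lab. Paths are assumptions.
$secLog = '.\Security.evtx'
$sysLog = '.\System.evtx'

# Flatten the <EventData> of an event record into a hashtable keyed by field name,
# so we do not depend on positional Properties indexes that differ across OS builds.
function Get-EventData {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    $xml = [xml]$Event.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    return $data
}

# 1. Successful logons over RDP: Event ID 4624, LogonType 10 (RemoteInteractive).
#    Note the TargetLogonId; it is reused below to attribute processes to this session.
Write-Host '== RDP logons (4624 / LogonType 10) =='
Get-WinEvent -FilterHashtable @{Path = $secLog; Id = 4624} -ErrorAction SilentlyContinue |
    ForEach-Object {
        $d = Get-EventData $_
        if ($d.LogonType -eq '10') {
            [pscustomobject]@{
                Time    = $_.TimeCreated
                User    = "$($d.TargetDomainName)\$($d.TargetUserName)"
                Source  = $d.IpAddress
                LogonId = $d.TargetLogonId
            }
        }
    } | Format-Table -AutoSize

# 2. Failed logons (4625) by source address: a spike from one IP is the brute-force signal.
Write-Host '== Failed logons by source IP (4625) =='
Get-WinEvent -FilterHashtable @{Path = $secLog; Id = 4625} -ErrorAction SilentlyContinue |
    ForEach-Object { (Get-EventData $_).IpAddress } |
    Group-Object | Sort-Object Count -Descending |
    Select-Object Count, Name -First 10 | Format-Table -AutoSize

# 3. Process creation (4688) with command lines, to reconstruct 'Actions on Objectives'.
#    Filter on the attacker's LogonId (copy it from query 1) to isolate that session;
#    the value below is a placeholder, not a real identifier from the lab.
$attackerLogonId = '0x0'   # replace with the TargetLogonId printed by query 1
Write-Host '== Commands executed in the RDP session (4688) =='
Get-WinEvent -FilterHashtable @{Path = $secLog; Id = 4688} -ErrorAction SilentlyContinue |
    ForEach-Object {
        $d = Get-EventData $_
        [pscustomobject]@{
            Time        = $_.TimeCreated
            User        = $d.SubjectUserName
            LogonId     = $d.SubjectLogonId
            Parent      = $d.ParentProcessName   # only populated on Windows 10 / Server 2016 and later
            Process     = $d.NewProcessName
            CommandLine = $d.CommandLine
        }
    } |
    Where-Object { $attackerLogonId -eq '0x0' -or $_.LogonId -eq $attackerLogonId } |
    Format-List

# 4. New services (7045, System log). A Meterpreter payload delivered as a service, or a
#    persistence attempt, appears here even when no 4688 is recorded for it.
Write-Host '== Services installed (7045) =='
Get-WinEvent -FilterHashtable @{Path = $sysLog; Id = 7045} -ErrorAction SilentlyContinue |
    ForEach-Object {
        $d = Get-EventData $_
        [pscustomobject]@{
            Time    = $_.TimeCreated
            Service = $d.ServiceName
            Image   = $d.ImagePath
            Account = $d.AccountName
        }
    } | Format-Table -AutoSize
```

Run it from the directory holding the exported .evtx files. Query 3 prints every 4688 until you paste the session's LogonId into `$attackerLogonId`; leaving it at the placeholder is deliberate so the script still runs on a fresh export. If CommandLine is empty for every event, command-line auditing was off on the host and the process names and parent/child pairs are what you have to work with.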
---------------------------

Tools Used

In this case we work with the following:

The blue team must also identify sender addresses, sender/receiver e-mail addresses, IPs, hostnames, URLs, attached files and malicious links.