Deep Blue
BLUETEAMLABSONLINE | INCIDENT RESPONSE
11/6/2023
The Deep Blue investigation requires the examination of Windows security and system logs.
Scenario
A Windows workstation was recently compromised, and evidence suggests it was an attack against internet-facing RDP, after which Meterpreter was deployed to conduct 'Actions on Objectives'. Can you verify these findings? The goal is to find the commands that were used by the
---------------------------
Tools Used
In this case we work with the following:
DeepBlueCLI - https://github.com/sans-blue-team/DeepBlueCLI
Microsoft Event viewer - Preinstalled on Windows
The blue team must also identify sender addresses, sender/receiver e-mails, IPs, host names, URLs, attached files, and malicious links.
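As an added example that is not part of the original write-up or of DeepBlueCLI, the script below takes Security events exported from Event Viewer as XML (an assumption; the records are constructed and the event namespace is omitted for brevity) and ties each RDP logon (4624 with LogonType 10) to the processes created under the same logon ID (4688), which is how the commands run after an RDP compromise can be recovered from the logs.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of an Event Viewer / wevtutil XML export,
# namespace stripped. Hosts, users, IDs and timestamps are invented.
SAMPLE_EVENTS = """<Events>
<Event><System><EventID>4624</EventID><TimeCreated SystemTime="2023-06-11T10:01:00Z"/></System>
<EventData><Data Name="TargetUserName">admin</Data><Data Name="LogonType">10</Data>
<Data Name="TargetLogonId">0x3e7a1</Data><Data Name="IpAddress">203.0.113.5</Data></EventData></Event>
<Event><System><EventID>4688</EventID><TimeCreated SystemTime="2023-06-11T10:02:30Z"/></System>
<EventData><Data Name="SubjectLogonId">0x3e7a1</Data><Data Name="NewProcessName">C:\\Windows\\System32\\cmd.exe</Data>
<Data Name="CommandLine">cmd.exe /c whoami</Data></EventData></Event>
<Event><System><EventID>4688</EventID><TimeCreated SystemTime="2023-06-11T10:05:00Z"/></System>
<EventData><Data Name="SubjectLogonId">0x12345</Data><Data Name="NewProcessName">C:\\Windows\\explorer.exe</Data>
<Data Name="CommandLine">explorer.exe</Data></EventData></Event>
</Events>"""

def parse_events(xml_text):
    """Flatten each <Event> into a dict of EventID, time and EventData fields."""
    events = []
    for ev in ET.fromstring(xml_text).findall("Event"):
        rec = {"EventID": int(ev.findtext("System/EventID")),
               "Time": ev.find("System/TimeCreated").get("SystemTime")}
        for d in ev.findall("EventData/Data"):
            rec[d.get("Name")] = d.text or ""
        events.append(rec)
    return events

def rdp_sessions_and_commands(events):
    """Return {logon_id: {"user", "ip", "commands": [...]}} for RDP logons.
    4624 LogonType 10 = RemoteInteractive (RDP). The SubjectLogonId of a 4688
    process-creation event ties it back to the session that spawned it; the
    CommandLine field is only present if command-line auditing is enabled."""
    sessions = {}
    for e in events:
        if e["EventID"] == 4624 and e.get("LogonType") == "10":
            sessions[e["TargetLogonId"]] = {"user": e["TargetUserName"],
                                             "ip": e["IpAddress"], "commands": []}
    for e in events:
        if e["EventID"] == 4688 and e.get("SubjectLogonId") in sessions:
            sessions[e["SubjectLogonId"]]["commands"].append((e["Time"], e["CommandLine"]))
    return sessions

if __name__ == "__main__":
    for lid, s in rdp_sessions_and_commands(parse_events(SAMPLE_EVENTS)).items():
        print(f"RDP logon {lid} user={s['user']} from {s['ip']}")
        for t, c in s["commands"]:
            print(f"  {t}  {c}")
```

Processes created under a logon ID that never appears in a 4624 event (the third record above) are ignored, so cross-check against DeepBlueCLI's own output for anything the session correlation misses.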