Daily Blog #308: Sunday Funday 4/27/14 - Windows 2008 Realtime Response Challenge

Windows 2008 Realtime Response Challenge by David Cowen - Hacking Exposed Computer Forensics Blog

Hello Reader,
         It's Sunday and we just finished the second day of competition here at the National Collegiate Cyber Defense Competition. I thought it would be fun to see what kind of things you would do in the shoes of a defending college team against my team of all star bad guys. Good luck in this weeks live response challenge!

The Prize:

A $200 Amazon Gift Card

The Rules:
  1. You must post your answer before Monday 4/28/14 8AM CST (GMT -5)
  2. The most complete answer wins
  3. You are allowed to edit your answer after posting
  4. If two answers are too similar for one to win, the one with the earlier posting time wins
  5. Be specific and be thoughtful 
  6. Anonymous entries are allowed, please email them to dcowen@g-cpartners.com. Please state in your email if you would like to be anonymous or not if you win.
  7. In order for an anonymous winner to receive a prize they must give their name to me, but i will not release it in a blog post

The Challenge:
You have a Windows 2008 server that you are reviewing logs for and notice that an attacker is currently logged in. What would you do to:
A. Remotely interact with the system without exposing credentials to the attacker to steal
B. Determine the attackers actions
C. Determine where the attacker is coming from
D. Determine which processes may be providing some kind of persistence for the attacker

Also Read: Daily Blog #307

Post a Comment