Online Jeopardy:

Candidates will be provided with a disc image containing forensic tools and data exports collected from the compromised infrastructure.

You will also be given access to an MS Sentinel instance containing a variety of logs from the compromised infrastructure. Using these tools and data sources, you will need to find flags and build a timeline of the attackers' actions.

Scenario: ACME is a small company with 5-10 employees in the financial services sector. They run a hybrid infrastructure with some resources in the cloud and some on-premises.

A few weeks ago, they suffered a ransomware attack that left their infrastructure in shambles.

The IT person has provided you with a number of data files that they had collected during their failed investigation (VM images, PCAPs, memory images, etc.) and has also given you access to their security tools. Using these tools build a timeline of the attacker’s actions and identify the traces they have left behind.