LockBit Ransomware - Private Case #27244
This case is based on a Private Threat Brief. In February 2024, a Windows Confluence server was compromised, leading to a rapid, domain-wide intrusion. You will analyze how attackers used AnyDesk and Metasploit to escalate privileges and ultimately deployed ransomware within hours.
Your access time starts at purchase time. You will receive an email within 5 minutes of purchase with instructions on how to connect to the lab. Enjoy!
Disclaimer
All information in the DFIR Labs and analysis of that information shall be treated as TLP:RED. This classification mandates that the information is not shared publicly or privately without explicit permission from The DFIR Report.
The difficulty of each DFIR Lab case is inherently subjective and may vary based on the participant’s individual skills and experience.
This one could have been way better. It does not meet your definition of hard, first off. You guys could have given the investigator some way better AnyDesk logs. Also, you should have put real web logs in Splunk from the initial compromise. The questions are wayyyy too easy. I also don't understand why you guys can't give the answers after people pay you money, and that $100 for a session is highway robbery.
Thank you so much for your thoughtful review! We’re thrilled that you engaged with our labs, which are crafted from real-world intrusion scenarios. The logs and artifacts collected can sometimes vary because they reflect the authentic complexities of cyber incidents, but we always aim to provide valuable data for investigation.
We understand that the difficulty of the questions can feel a bit subjective, and we strive to create a balanced experience for all participants. Since everyone comes with different skills and experiences, what feels easy to one might be more challenging for another – and that’s all part of the learning journey!
As for the $100 session, this includes a comprehensive walkthrough, guiding you through the investigation process, explaining key decisions, and offering coaching to strengthen your future investigations. We believe this deep dive provides great value with personalized insights and support.
Your feedback means a lot to us, and we’ll definitely take it into account as we continue to improve our labs. Thanks again for sharing your thoughts!
You could unravel the entire incident with the stats count by _time CommandLine search, and the question about the MD5 was a bit confusing... the MD5 of the stager or the MD5 of the shellcode?
Had a great time investigating and solving the questions.
Good chance to practice DFIR skills, definitely worth doing.
I had a great time taking this lab. Amazing as always! Keep up the great work.