KC7 CloutHaus

This post is a write-up, or set of clues, on how to resolve the KC7 investigation case of CloutHaus: Social Media leads to Compromise. You can use it as a helpful guide when you encounter an obstacle, as it is structured as a fill-in-the-blanks solution. Section 1: Got Clout? 🤳 Question 1: Based on Afomiya’s Instagram profile, what is the email address she uses for brand deals? You Got this 👾 ...

October 19, 2025 · Last Modified: June 7, 2025 · 4 min · 845 words · Bader Alrowaiei
Valdoria Votes: A Political Mystery (Part 2)

This post is a walkthrough of the KC7 investigation case of Valdoria Votes. You can use it as a helpful guide when encountering an obstacle or trying to understand a question. Different ways to answer questions might exist, so don’t be afraid to explore your path. Section 3: A vote of no confidence Question 2: What IP address did they forget to hide in the poster? You Got this 👾 ...

January 22, 2025 · Last Modified: June 10, 2026 · 7 min · 1332 words · Bader Alrowaiei
How to Export Firefly III Data

In this article, I will cover the steps I took in OpenMediaVault to export all the data from Firefly-III to Unraid on my new server, EVE 6, a ZimaBlade powered by Unraid. As I transition to this new setup, I document my process and progress to facilitate future improvements and enhancements. I also hope this article will inspire others to tackle similar projects. ...

January 13, 2025 · Last Modified: February 3, 2025 · 8 min · 1623 words · Bader Alrowaiei

Building a ZimaBlade-Powered Unraid NAS

The Evolution of EVE: Lessons from a Home Lab Enthusiast In an era where data drives everything from work to leisure, the Network-Attached Storage (NAS) concept has moved from corporate server rooms to the homes of tech enthusiasts. My story of starting with OpenMediaVault on a Raspberry Pi 3 Model B+ in 2019 and evolving through a series of hardware upgrades and software experiments to my current ZimaBlade powered by Unraid EVE 6.0 is a testament to the power of curiosity, adaptability, and the never-ending quest for optimization. ...

December 30, 2024 · Last Modified: February 28, 2025 · 18 min · 3668 words · Bader Alrowaiei
KC7 Frognado in Valdoria

This post is a write-up, or set of clues, on how to resolve the KC7 investigation case of Frognado in Valdoria. You can use it as a helpful guide when encountering an obstacle or trying to understand a question. Different ways to answer questions might exist, so feel free to explore your path. Section 1: Maybe it’s just a tadpole? 😢👀 Question 1: You Got this 👾 ...

December 11, 2024 · Last Modified: December 29, 2024 · 12 min · 2392 words · Bader Alrowaiei
KC7 The Great Elf Conflict SANS Holiday Hack Challenge 2024

This post is a write-up, or set of clues, on how to resolve the KC7 investigation case of SANS Holiday Hack Challenge 2024 The Great Elf Conflict. You can use it as a helpful guide when encountering an obstacle or trying to understand a question. Different ways to answer questions might exist, so feel free to explore your path. Section 1: KQL 101 You got it 👾 ...

December 9, 2024 · 6 min · 1177 words · Bader Alrowaiei
KC7 HopsNStuff

This post is a walkthrough of the KC7 investigation case of KC7 HopsNStuff. You can use it as a helpful guide when encountering an obstacle or trying to understand a question. Different ways to answer questions might exist, so don’t be afraid to explore your path. Section 2: 🥚Info💰 Question 1: Let’s take a look at our SecurityAlerts. A security alert flagged on a file that was quarantined on March 31, 2023. Which host was this identified on? The question provided us with the timestamp and flag reason. ...

September 11, 2024 · Last Modified: October 27, 2024 · 23 min · 4766 words · Bader Alrowaiei
KC7 Inside Encryptodera

This post is a write-up, or set of clues, on how to resolve the KC7 investigation case of Inside Encryptodera. You can use it as a helpful guide when you encounter an obstacle, as it is structured as a fill-in-the-blanks solution.

Section 1: Offensive Odor 👽

Question 1: What is Barry’s role at the company?
Employees | where name contains "Barry" | project name, role

Question 2: What is Barry’s email address?
Employees | where name contains "Barry" | project name, role, email_addr

Question 3: What was the subject of the interesting email (the one on January 16th) that Barry sent?
Email | where sender == "barry_shmelly@encryptoderafinancial.com" | where timestamp between (datetime(2024-01-16T00:00:00Z) .. datetime(2024-01-16T23:59:59Z))

Question 4: What was the role of the employees that received Barry’s email?
Find the list of the recipients.
Email | where sender == "barry_shmelly@encryptoderafinancial.com" | where subject == "I'm not coming in today. I'm sick of this place. We're all getting laid off anyway."
Find the role.
Employees | where email_addr in ("christopher_naylor@encryptoderafinancial.com", "michelle_collins@encryptoderafinancial.com", "jarrod_rodriguez@encryptoderafinancial.com") | distinct role
Advanced operators:
Email | where sender == "barry_shmelly@encryptoderafinancial.com" | where subject == "I'm not coming in today. I'm sick of this place. We're all getting laid off anyway." | project recipient | join kind=inner ( Employees | project email_addr, role ) on $left.recipient == $right.email_addr | project recipient, role | distinct role

Question 5: What was the role of the recipient of that email?
Email | where subject == "YOU ARE A GREEDY PIG!!!! WHAT IS WRONG WITH YOU?????"
Employees | where email_addr == "les_goh@encryptoderafinancial.com" | project role

Question 6: What’s Barry’s IP address? (Paste the full IP address)
Employees | where name contains "Barry" | project ip_addr

Question 7: What was the complete URL that Barry was browsing on his computer regarding Cybersecurity Insiders on the afternoon of December 26th? (Paste the full url)
OutboundNetworkEvents | where src_ip == "10.10.0.1" | where url contains "Insiders" | project url

Question 8: What website did he visit first on January 15th? (Paste the full URL)
OutboundNetworkEvents | where src_ip == "10.10.0.1" | where timestamp >= datetime(2024-01-15T00:00:00Z) | top 1 by timestamp asc | project url

Question 9: Could you provide the full URL for the website Barry searched for USB Flash Drives?
OutboundNetworkEvents | where src_ip == "10.10.0.1" | where url contains "usb" | project url

Question 10: What “secret” document on business transactions did Barry download?
InboundNetworkEvents | where src_ip == "10.10.0.1" | where url contains "secret" | project url

Question 11: What document (docx) did Barry download about salaries?
InboundNetworkEvents | where src_ip == "10.10.0.1" and url contains "salary" and url contains "docx" | project url

...

July 29, 2024 · Last Modified: September 6, 2024 · 11 min · 2263 words · Bader Alrowaiei
KC7 Balloons Over Iowa

This post is a write-up, or set of clues, on how to resolve the KC7 investigation case of Balloons Over Iowa. You can use it as a helpful guide when you encounter an obstacle, as it is structured as a fill-in-the-blanks solution. Section 2: Aliens 👽 Question 1: Which email address sent a message containing the domain invasion.xyz? Table | where <field> <operator> "invasion.xyz" Question 2: How many users received email with links to the domain invasion.xyz? Table | where <field> <operator> "invasion.xyz" | count Question 3: What was the subject of the email sent in (1)? Answer from question 1. ...

June 14, 2024 · Last Modified: June 6, 2026 · 15 min · 3090 words · Bader Alrowaiei
KC7 A Scandal in Valdoria!

This post is a write-up, or set of clues, on how to resolve the KC7 investigation case of A Scandal in Valdoria. You can use it as a helpful guide when you encounter an obstacle, as it is structured as a fill-in-the-blanks solution. Section 2: Welcome to Valdoria! Question 1: What is the Newspaper Printer’s name? Clark Kent Question 2: What is the Editorial Intern’s name? Employees | where <field> == "Editorial Intern" Question 3: When was the Editorial Intern hired at The Valdorian Times? Answer from question 2. ...

May 22, 2024 · Last Modified: June 14, 2024 · 12 min · 2467 words · Bader Alrowaiei