Thursday, December 14, 2017

Infosec Advent Challenge #14 - syslog intrusion analysis

We've posted the 14th challenge in the "Infosec Advent" series. This one is a Linux server intrusion case. You get syslog and auth.log. Unfortunately, that's all that was being forwarded.

We have some Linux syslog and authentication logs that you can download here. Download and analyze the logs for signs of intrusion. Based on the log data, let us know what you think has happened.

Specifically, we're looking to understand the following:
  1. How many attackers compromised the server?
  2. What did the attackers do once on the server?
  3. What steps should be taken to recover from the incident?
  4. What, in your opinion, is the likely root cause of the incident?

In all cases, please show your work (e.g. back your analysis with facts, where available). In cases where data is not available to back your hypothesis, let us know what data you would need and where you would look to collect it.

Please limit your submissions to 1500 words. The best characterization of this web server intrusion will receive a $25 Amazon gift card (subject to contest rules). The winner will be announced 21DEC17.

If you were looking for another Digital Forensics and Incident Response (DFIR) related challenge, here you go. Have fun!

If you don't already have an account, you can register to play at https://www.infosecadvent.com.

Cross posted from the Rendition Infosec corporate blog.

Wednesday, December 13, 2017

Infosec Advent Challenge #13 - web server intrusion analysis

We've posted the 13th challenge in the "Infosec Advent" series. This one is a web server intrusion case where we will ask you to analyze the logs and let us know what you find.

We have a set of web server logs that you can download here. Download and analyze the logs for signs of intrusion. Based on only the web log data (yes, we know that makes it harder) write a narrative that explains what happened.

Is it realistic to have only logs and not an image of the web server filesystem? Unfortunately, the answer is yes. Rendition Infosec worked a case this year where logs were available but the server image was unavailable. We would prefer more data to work with, but in infosec as in life, you have to play what you've got.

Please limit your submissions to 1500 words. The best characterization of this web server intrusion will receive a $25 Amazon gift card (subject to contest rules). The winner will be announced 20DEC17.

If you were looking for some Digital Forensics and Incident Response (DFIR) related challenges, here you go. Have fun!

If you don't already have an account, you can register to play at https://www.infosecadvent.com.

Cross posted from the Rendition Infosec corporate blog.

Tuesday, December 12, 2017

Introducing Infosec Advent

Rendition Infosec is sponsoring a new contest this holiday season to up your infosec skills and make you think (at least a little) about infosec each day. We're calling the challenge "Infosec Advent" and have set aside $1,000 in prizes to sweeten the pot for those who wish to participate.

In all honesty, it would have been way cooler if we could have launched this on December 1st like we planned. But unfortunately, attackers don't schedule their attacks on our clients, so this project got put on hold while we did some end-of-year incident response. We almost decided not to run it this year, but then realized that was dumb. When it comes to this sort of thing, does late really matter? After all, we're talking about free infosec education and free money...

We're releasing a series of hard and soft skill challenges between now and December 24th (the first 12 are posted now). While we'll admit that the initial set of challenges is relatively soft skill focused, we don't think that's a bad thing. Soft skill challenges are accessible to anyone, while hard skill challenges require more specific skills to perform. That said, you can expect some PCAP, memory dumps, and a few other surprises before Christmas.

We have no idea how popular this will be (or if anyone will care) but we wanted to give back to the broader community and this seemed like a great way to do it. We will be posting the entries of the winners (and probably honorable mentions) so that everyone can learn throughout the holiday season.

If you want to play, hop on over to https://www.infosecadvent.com and register to play.