Honeynet Log Challenge: Log Mysteries

Thursday, September 02, 2010

Anton Chuvakin


Project Honeynet just released its latest Forensic Challenge 5 - Log Mysteries. It is based on logs from a compromised virtual server and requires quite a bit of digging through messy log data.

The Challenge:


Analyze the attached sanitized_log.zip [A.C. – get the logs here] and answer the following questions:


  1. Was the system compromised and when? How do you know that for sure? (5pts)
  2. If the system was compromised, what was the method used? (5pts)
  3. Can you locate how many attackers failed? If some succeeded, how many were they? How many stopped attacking after the first success? (5pts)
  4. What happened after the brute force attack? (5pts)
  5. Locate the authentication logs. Was a brute-force attack performed? If yes, how many? (5pts)
  6. What is the timeline of significant events? How certain are you of the timing? (5pts)
  7. Anything else that looks suspicious in the logs? Any misconfigurations? Other issues? (5pts)
  8. Was an automatic tool used to perform the attack? If yes, which one? (5pts)
  9. What can you say about the attacker's goals and methods? (5pts)

Bonus. What would you have done to avoid this attack? (5pts)
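Questions 3 through 5 are the kind of thing you answer by tallying authentication results per source address rather than reading the log line by line. The script below is an added example, not part of the challenge materials or the Honeynet Project's own tooling. It assumes Linux syslog-style sshd lines ("Failed password for ..." / "Accepted password for ..."); the log lines embedded in it are constructed for illustration, the five-failure cut-off for calling a run a brute force is an assumed threshold, and file order is taken as chronological.

```python
"""Tally SSH authentication results per source from syslog-style auth log lines."""
import re
from collections import OrderedDict

# Constructed sample lines in Linux auth.log / sshd syslog style. They are
# illustrative only and are not taken from the challenge archive.
SAMPLE_AUTH_LOG = """\
Apr 19 05:41:44 app-1 sshd[14133]: Failed password for invalid user admin from 192.0.2.10 port 52531 ssh2
Apr 19 05:41:46 app-1 sshd[14135]: Failed password for invalid user test from 192.0.2.10 port 52540 ssh2
Apr 19 05:41:49 app-1 sshd[14137]: Failed password for root from 192.0.2.10 port 52551 ssh2
Apr 19 05:41:51 app-1 sshd[14139]: Failed password for root from 192.0.2.10 port 52560 ssh2
Apr 19 05:41:53 app-1 sshd[14141]: Failed password for root from 192.0.2.10 port 52571 ssh2
Apr 19 05:41:55 app-1 sshd[14143]: Accepted password for root from 192.0.2.10 port 52580 ssh2
Apr 19 06:02:11 app-1 sshd[14201]: Failed password for invalid user oracle from 198.51.100.7 port 40001 ssh2
Apr 19 06:02:13 app-1 sshd[14203]: Failed password for invalid user oracle from 198.51.100.7 port 40002 ssh2
Apr 19 09:15:02 app-1 sshd[14900]: Accepted publickey for deploy from 203.0.113.5 port 33001 ssh2
"""

# Matches the sshd result lines that matter for a brute-force question.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse_auth_events(text):
    """Return one dict per recognised sshd result line, keeping file order."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def summarize_by_source(events, threshold=5):
    """Per source address: failures, successes, first success, failures after it.

    Assumes the events are in chronological (file) order. `threshold` is an
    assumed cut-off: at least this many failures from one source counts as a
    brute-force attempt; a success after such a run counts as a compromise.
    """
    per_src = OrderedDict()
    for ev in events:
        s = per_src.setdefault(ev["src"], {
            "failed": 0, "accepted": 0, "first_success": None,
            "failed_after_success": 0, "users": set(),
        })
        s["users"].add(ev["user"])
        if ev["result"] == "Accepted":
            s["accepted"] += 1
            if s["first_success"] is None:
                s["first_success"] = ev["ts"]
        else:
            s["failed"] += 1
            if s["first_success"] is not None:
                s["failed_after_success"] += 1
    for s in per_src.values():
        s["brute_force"] = s["failed"] >= threshold
        s["compromised"] = s["brute_force"] and s["accepted"] > 0
        # Did the attacker stop guessing once a password worked?
        s["stopped_after_success"] = s["compromised"] and s["failed_after_success"] == 0
    return per_src


def analyze(text=SAMPLE_AUTH_LOG, threshold=5):
    """Parse and summarise in one call; returns the per-source summary."""
    return summarize_by_source(parse_auth_events(text), threshold)


if __name__ == "__main__":
    for src, s in analyze().items():
        print(f"{src}: failed={s['failed']} accepted={s['accepted']} "
              f"brute_force={s['brute_force']} compromised={s['compromised']} "
              f"stopped_after_success={s['stopped_after_success']} "
              f"first_success={s['first_success']} users={sorted(s['users'])}")
```

On the constructed sample this reports one source that failed five times, then succeeded as root and stopped, one source that gave up after two guesses, and one key-based login with no failures at all. On a real auth log you would point `analyze()` at the file contents, and the timestamp of the first accepted login after a run of failures is the anchor for the timeline question; note that syslog timestamps carry no year and only reflect the server clock, which is why the challenge asks how certain you are of the timing.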

Go get the challenge here and get to solving it – you have about a month. And, yes, there will be prizes too!
