Cyber Apocalypse 2023

Packet cyclone

Solved by : thewhiteh4t

  • We are given Windows EVTX files and sigma rules for detecting exfiltration using rclone
  • To scan these EVTX files we can use chainsaw which supports sigma rules
chainsaw hunt -s sigma_rules -m sigma-event-logs-all.yml Logs
  • Two detection are shown
  • First one contains credentials of

  • Second contains file paths

  • Here are the correct answers based on information given in these two detection :

Published on : 27 Mar 2023