forensicseasy

Stockpile Breach

0xl4ugh

Task: Analyze a Windows triage image to reconstruct a malware attack timeline and answer 11 incident response questions. Solution: Parse Sysmon EVTX logs to identify the malware download source (Zone.Identifier ADS), execution timeline, C2 communication (Sliver framework at 3.121.219.28:8888), persistence via registry Run key, and file artifacts.

$ ls tags/ techniques/

windows malware_analysis evtx c2 sysmon incident_response sliver

sysmon_log_analysisregistry_persistencec2_detectiontimeline_analysis

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

Create a free account with GitHub, then upgrade to Pro.

$ssh [email protected]