Sabar
15th place
9650 points
Awards
Hint 122
hints
Hint for The Money Trail 2
-50
Hint 121
hints
Hint for The Money Trail 2
-5
Hint 106
hints
Hint for Exfiltration Method
-25
Hint 124
hints
Hint for Telegram ID
-30
Hint 77
hints
Hint for The Money Trail
-80
Hint 76
hints
Hint for The Money Trail
-40
Hint 123
hints
Hint for The Money Trail
-5
Hint 67
hints
Hint for Mining Pool Endpoint
0
Hint 63
hints
Hint for Phantom Process
-25
Hint 64
hints
Hint for Phantom Process
-50
Hint 20
hints
Hint for Executable Hunt
-20
Hint 21
hints
Hint for Executable Hunt
-40
Hint 17
hints
Hint for Port of Fortune
-20
Hint 13
hints
Hint for Backdoor Gateway
-25
Hint 14
hints
Hint for Backdoor Gateway
-50
Hint 38
hints
Hint for The Fox
-30
Hint 39
hints
Hint for The Fox
-60
Hint 12
hints
Hint for The Origin Point
-50
Solves
| Challenge | Category | Value | Time |
|---|---|---|---|
| Persistence Technique ID | Threat Hunting | 300 | |
| Persistence Technique action | Threat Hunting | 280 | |
| Exfiltration Method | Threat Hunting | 200 | |
| The Money Trail 2 | Memory Forensics | 350 | |
| The Money Trail | Memory Forensics | 350 | |
| Mining Pool Endpoint | Memory Forensics | 200 | |
| Attacker Full Name | Threat Hunting | 200 | |
| Telegram ID | Network Forensics | 250 | |
| Communication Channel Key | Network Forensics | 275 | |
| Incident Response Report Submission | Incident Reporting | 2500 | |
| forked | Threat Hunting | 180 | |
| Github Username | Network Forensics | 150 | |
| Data Theft Blueprint | Network Forensics | 210 | |
| Patient Zero Identification | Network Forensics | 200 | |
| Elapsed Time | Network Forensics | 150 | |
| Process Identifier Hunt | Memory Forensics | 200 | |
| Parent | Memory Forensics | 150 | |
| Service Exposure Point | Memory Forensics | 100 | |
| ssh port | Memory Forensics | 95 | |
| Phantom Process | Memory Forensics | 90 | |
| Executable Hunt | SIEM Analysis | 200 | |
| The Fox | Threat Intelligence | 150 | |
| Identity Compromise | SIEM Analysis | 200 | |
| Port of Fortune | SIEM Analysis | 200 | |
| Mining Operation Discovery | SIEM Analysis | 200 | |
| The Origin Point | SIEM Analysis | 200 | |
| Backdoor Gateway | SIEM Analysis | 200 | |
| ASN | Threat Intelligence | 150 | |
| Source Country | Threat Intelligence | 150 | |
| Threat Classification | Threat Intelligence | 150 | |
| Infrastructure Attribution | Threat Intelligence | 150 | |
| Reputation Check | Threat Intelligence | 150 | |
| New Administrative Account | Alert Triaging | 300 | |
| Suspicious New Domain Access detected | Alert Triaging | 300 | |
| Elevated Privileges Detected | Alert Triaging | 300 | |
| Malicious Web Traffic | Alert Triaging | 300 | |
| Password Reset Activity | Alert Triaging | 300 | |
| 4 - Compromised System Identification | Scenario Reading | 50 | |
| 3 - Security Monitoring Infrastructure | Scenario Reading | 50 | |
| 2 - Incident Timeline | Scenario Reading | 50 | |
| 1 - Company Profile | Scenario Reading | 50 | |
| Sheat Cheet | Sanity Check | 10 | |
| Rules Reading | Sanity Check | 6 | |
| Nama Kapal | Sanity Check | 5 | |
| Nama Tools | Sanity Check | 3 | |
| First President | Sanity Check | 1 |