Australian Cyber Security Center - Incident Response Challenge



Hello!

I was given the chance to go to a two-day IR challenge that the ACSC was hosting. Finishing up the two days was a rollercoaster. Those who know me know I've been doing attack work for some time and love every bit of it. I feel like I'm super comfortable in Kali and PowerShell. I have a pretty strong methodology for attacking networks and machines. However, from a Digital Forensics side, I have no clue!

This goes to show how big Security is. Below is a copy and paste of the whole premise:

PRELUDE

The Wind In-case of No Daylight Corporation (WIND Corp) need your help! A critical application supporting their wind turbines has ceased to function, causing the turbines to lock and stop producing electricity. WIND Corp are already suffering reputational damage as customers lose power.

As the head of IT Security, you have been tasked to lead an investigation and remediate the situation. There are suspicions that this is no accident and that someone or something is intentionally causing this business-destroying disruption.

WIND Corp's IT department have detected the use of an unauthorised device on an operator's workstation. They have provided you with the memory dump from the workstation and network traffic captured on the company's main router.

<END>

We are given 2 artefacts: 1 pcap file and 1 raw file. From there, as responders, we need to complete timeline analysis, map out what took place, who the malicious actor is, how he pivoted, etc. I won't go into details on what happened as the CTF is still happening in Sydney, Adelaide and Perth. But one thing to say is that the people that created this are exceptionally skilled.

I'm so motivated and inspired by the knowledge and passion that these people bring to the community. Forensics is such a different beast; I learned quite a lot in regards to dumping processes from memory, reading them, using SIFT Workstation, etc. I love learning about these types of things and it was such a wonderful experience.

I feel like there is such a positive energy about me whenever I go to these events, because it's something I can talk about forever to my colleagues. It's refreshing to see absolute talent, and killers in the cyber security world - I can't help but feel a rush of energy and rejuvenation in my veins. I'm gonna have a look more into these artefacts and see what I can find... Until then...

Further updates about me: