Cyberdefenders on Library of Devoruina

Wiredive

Wed, 17 Dec 2025 18:47:16 +0700

“WireDive is a combo traffic analysis exercise that contains various traces to help you understand how different protocols look on the wire where you can evaluate your DFIR skills against an artifact you usually encounter in today’s case investigations as a security blue team member.”

DHCP

Question 1

“What IP address is requested by the client?”

By filtering out DHCP traffic, we can find the IP address requests.

Answer: 192.168.2.244

Question 2

“What is the transaction ID for the DHCP release?”

Hawkeye

Wed, 17 Dec 2025 14:16:51 +0700

“An accountant at your organization received an email regarding an invoice with a download link. Suspicious network traffic was observed shortly after opening the email. As a SOC analyst, investigate the network trace and analyze exfiltration attempts.”

Question 1

“How many packets does the capture have?”

BlueSky Ransomware

Tue, 16 Dec 2025 16:25:04 +0700

“A high-profile corporation that manages critical data and services across diverse industries has reported a significant security incident. Recently, their network has been impacted by a suspected ransomware attack. Key files have been encrypted, causing disruptions and raising concerns about potential data compromise. Early signs point to the involvement of a sophisticated threat actor. Your task is to analyze the evidence provided to uncover the attacker’s methods, assess the extent of the breach, and aid in containing the threat to restore the network’s integrity.”

Question 1

“Knowing the source IP of the attack allows security teams to respond to potential threats quickly. Can you identify the source IP responsible for potential port scanning activity?”

Acoustic

Fri, 12 Dec 2025 08:52:04 +0700

“This lab takes you into the world of voice communications on the internet. VoIP is becoming the de-facto standard for voice communication. As this technology becomes more common, malicious parties have more opportunities and stronger motives to control these systems to conduct nefarious activities. This challenge was designed to examine and explore some of the attributes of the SIP and RTP protocols. "

Lab Files:

HoneyBOT

Fri, 12 Dec 2025 08:52:04 +0700

A PCAP analysis exercise highlighting attacker’s interactions with honeypots and how automatic exploitation works.. (Note that the IP address of the victim has been changed to hide the true location.)

As a SOC analyst, analyze the artifacts and answer the questions.

Question 1

What is the attacker’s IP address?

Packet Maze

Fri, 12 Dec 2025 08:52:04 +0700

A company’s internal server has been flagged for unusual network activity, with multiple outbound connections to an unknown external IP. Initial analysis suggests possible data exfiltration. Investigate the provided network logs to determine the source and method of compromise.

Question 1

What is the FTP password?

PsExec Hunt

Fri, 12 Dec 2025 08:52:04 +0700

An alert from the Intrusion Detection System (IDS) flagged suspicious lateral movement activity involving PsExec. This indicates potential unauthorized access and movement across the network. As a SOC Analyst, your task is to investigate the provided PCAP file to trace the attacker’s activities. Identify their entry point, the machines targeted, the extent of the breach, and any critical indicators that reveal their tactics and objectives within the compromised environment.