
An intro to digital forensics and incident response challenge!

SJU ACM Clue

HELP! St. John’s University has been HACKED, and SJU ACM members have been recruited to investigate. Put your digital forensics and incident response skills to the test by investigating the attack to figure out who did it, where they did it, and what malware they used.

A Hack at St. John's


The day is Thursday, October 5. The St. John’s ACM Student Chapter club is holding its second meeting of the Fall 2023 semester. Upon entering the cyber lab, the club is met with a terrifying discovery: St. John’s University has been HACKED! The only piece of evidence left behind by the attacker is a USB drive. St. John’s IT was able to estimate that the hack occurred at approximately 12 pm on Thursday, October 5; they also suspect that a member of the SJU ACM e-board was behind it all. To assist in the investigation, the members of SJU ACM have agreed to examine the contents of the USB drive in hopes of uncovering the true identity of the culprit. It’s up to you to figure out who did it, where they did it, and what malware they used.

Download the USB drive image here.

Download the slides (including a list of the possible culprits, locations, and malware) here.

Got stuck? Watch the walkthrough video here.

An Incident in the Cloud


The day is Wednesday, April 17. The St. John’s ACM Student Chapter e-board is collaborating on their cloud platform to design a new workshop for their members. Upon logging in, they’re met with an alert in their SIEM indicating that one of their workstations may have been infected with malware! The alert shows that a mysterious command was run on David’s workstation; however, David claims that he was not logged into his workstation at the time of the alert and suspects that someone else on the e-board must have been behind this incident. The members of SJU ACM have agreed to investigate the alert in hopes of uncovering the true identity of the culprit. It’s up to you to figure out who did it, where they did it, and what malware they used.

Download the slides (including a list of the possible culprits, locations, and malware) here.

Watch the walkthrough video here.

Learn how it was made here.