CyberTalents offers many cybersecurity courses in different areas

Apply Now
Challenge Name:  

FIN7

Category Icon Category:
Digital Forensics
Level Icon Level:
medium
Created at Icon Created At:
8 months ago
Tries Icon Tries:
1 Times
Solved Icon Solved:
1 Times
Points Icon Points:
100
Difficulty Level
Reported by other talents
Basic Advanced
Rating
How other talents liked this challenge

During an investigation, traces of suspicious activity were uncovered on a system. A process was injected with a malicious code that resulted in dropping and executing malicious files, which eventually led to a connection attempt to a suspicious domain.

Your task is to analyze the activity and uncover key components of the attack.

 

🔍 What to find:

X: The malicious domain that was resolved (domain.tld).

Y: The file extensions of the two malicious files that were dropped and executed (one extension) (.ext).

Z: The attackers have used a suspicious flag with one of the processes to escalate privileges, what is the flag? (flag)

 

Flag format: flag{X:Y:Z}

📁 All relevant logs are available in the FIN7 index.

🧠 Use the available data to trace the chain of events and identify the core elements of this compromise.

Credentials: admin/123456789

Note: Access the Splunk instance on port 8000, and note that the machine will remain up for one hour then you will have to restart it again.

Document Lock Icon

Sign in to view the challenge

Start Now

Copyright © Cyber Talents 2025. All Rights Reserved.