Origins

Sherlock Scenario

A major incident has recently occurred at Forela. Approximately 20 GB of data were stolen from internal s3 buckets and the attackers are now extorting Forela. During the root cause analysis, an FTP server was suspected to be the source of the attack. It was found that this server was also compromised and some data was stolen, leading to further compromises throughout the environment. You are provided with a minimal PCAP file. Your goal is to find evidence of brute force and data exfiltration.
Origins.zip

Q&A