Blue teaming #2
Details
This month, we're continuing last month's Blue Party 💙!
This online meetup will also focus on defense and will take place on October 26th at 6 PM CEST.
We will walk through the Heartbreaker-Denouement Sherlock scenario: "Your digital forensics expertise is critical to determine whether data exfiltration has occurred from the customer’s environment. Initial findings include a compromised AWS credential, indicating a potential unauthorized access. This investigation follows from a customer report of leaked data allegedly for sale on the darknet market. By examining the compromised server and analyzing the provided AWS logs, it will not only validate the customer's breach report but also provide valuable insights into the attacker's tactics, enabling a more comprehensive response."
To solve this Sherlock, we will use the FLARE-VM and SOF-ELK VMs. Relevant links to prepare for the hands-on part:
- Hypervisor: VMware Workstation Pro (now free for personal use) https://knowledge.broadcom.com/external/article/344595/downloading-vmware-workstation-pro.html
- FLARE-VM (FireEye Labs Advanced Reverse Engineering VM): https://github.com/mandiant/flare-vm?tab=readme-ov-file#requirements
- SOF-ELK (Security Operations and Forensics Elasticsearch, Logstash, Kibana): https://github.com/philhagen/sof-elk/wiki/Virtual-Machine-README
We'll use the first hour as an introduction to go over key blue teaming terms and resources. Starting at 7 PM, we'll begin the HTB Sherlock walkthrough.
RSVP to receive access to the HTB labs on the day of the event. The live walkthrough and chat will take place on Discord.
Note: for communication purposes, be sure to join the group here https://www.meetup.com/hack-the-box-meetup-belgrade-rs or allow "Anyone on Meetup" to contact you https://www.meetup.com/account/privacy
Tell a friend to join the group, and see you at the meetup! :)
