Network Traffic Analysis, Security Monitoring

Incident Response: Web and System Attack – MP

Scenario Information

You are part of the Official National Organization (ONO) Blue Team, tasked with defending against and responding to outsider attacks.

A few days ago your team received a threat intel report stating that an unknown hacker collective is demanding a ransom payment from your organization and has threatened to carry out an imminent attack against your publicly-facing website and other IT assets if the ransom is not paid.

You and your team have been tasked to identify, defend against and respond to any such attacks.

What you will learn

  • Reviewing network traffic logs
  • Reviewing web application logs
  • Finding and fixing vulnerabilities in web application source code

Technical Details

  • This scenario consists of the following virtual machines:
    • A virtual machine running the ELK stack, which receives logs from the target hosts.
    • A virtual machine running the ONO website.
    • A virtual machine with vulnerable user accounts.
    • A virtual machine running RTIR.
    • A virtual machine running a local Ubuntu 18 package repository.
  • All the virtual machines have Beats installed for log shipping.

It is recommended, but not necessary, to be familiar with the following concepts:

  • System Administration
  • Analyzing network traffic logs
  • Analyzing Apache logs
  • Web Application security vulnerabilities
  • Analyzing authentication and system logs