Challenge: Back to the Cereal

FREE

This weekly challenge will have you analyze a $MFT Windows artifact to identify unauthorized activity. The goal is to see from a blue teamer's point of view the actions an unauthorized user may take on a victim's system when an attacker wants to hide their activity.

Time
1 hour
Difficulty
Beginner
Share
NEED TO TRAIN YOUR TEAM? LEARN MORE
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or
Sign up with Google
Sign up with Apple
Sign up with Microsoft
View all SSO options

Already have an account? Sign In »

Course Content
The Importance of Timestomp Activity
1h
Course Description

Blue Team POV: System Analysis

In this weekly challenge, you will analyze a compromised system $MFT file related to attacks targeting NTFS timestamps. This challenge aims to showcase the importance of the $MFT file in a forensics investigation and the importance of timestamps to distinguish abnormal vs. normal activity.

CySeeker Peculiar

Who is this for:

Early career to mid practitioners. This challenge may be difficult for individuals new to cybersecurity, but the difficulty rating on this challenge is relatively low. We encourage using any internet resources and community/colleague assistance in completing the challenge.

Are write-ups permitted?

Yes, write-ups are permitted; please do not post answers directly. All write-ups should include a link to Cybrary and the Cybrary Course.

What resources are available to help solve this challenge?:

Online search, community, colleagues, or fellow practitioners.

Instructed By
Marc Balingit

Marc Balingit

Security Researcher - Incident Response

Instructor
Provider
Cybrary
Certificate of Completion
Certificate Of Completion

Complete this entire course to earn a Challenge: Back to the Cereal Certificate of Completion