Solving the Openfire Lab Blue team challenge

A blue-team walkthrough of the CyberDefenders Openfire challenge using Wireshark and Zui: recovering the CSRF token and credentials, tracing the malicious plugin upload and reverse shell, and identifying the exploited CVE.

August 24, 2025 · 4 min
Solving the ShadowCitadel Lab Blue team challenge

A host-based forensics walkthrough of the ShadowCitadel challenge: following the attack from a malicious email attachment through a PowerShell downloader and second-stage executable to the C2 beacon IP and persistence mechanisms.

August 10, 2025 · 16 min
Solving the XLMRat Blue team challenge

A blue-team walkthrough of the CyberDefenders XLMRat challenge: tracing the first-stage download URL and hosting provider from the PCAP, hashing the loader and executable payloads, and identifying the malware family and the LOLBin used for stealthy execution.

June 28, 2025 · 6 min
Solving the WebStrike Blue Team Challenge

A blue-team walkthrough of the CyberDefenders WebStrike challenge: analyzing the PCAP to find the attack’s geographic origin and user agent, the uploaded web shell and its port, the upload directory, and the file targeted for exfiltration.

December 17, 2023 · 4 min