Write-Up: Airbuzzed
Airbuzzed from Xintra.org is a DFIR lab that simulates a full attack chain against a fictional company called Airbuzz. This write-up walks through how I approached each category of questions, covering social engineering, establishing persistence, DLL sideloading, credential dumping, defense evasion, exfiltration, payload execution, and network log analysis.

Social Engineering

Q1: During a review of the team’s conversation, we discovered that Rebecca Dean sent her public SSH keys to Robbert Carr. These keys are to be added to the code servers, enabling her to start working on the update for the aeromgmt project. Provide the exact SSH keys for Rebecca Dean. ...