Fun Project Honeynet Log Challenge: Log Mysteries

By Anton Chuvakin
September 1, 2010

Project Honeynet just released its latest Forensic Challenge 5 - Log Mysteries. It is based on logs from a compromised virtual server and requires quite a bit of digging through messy log data.


The Challenge:
Analyze the attached sanitized_log.zip [A.C. - get the logs here] and answer the following questions:

  1. Was the system compromised and when? How do you know that for sure? (5pts)

  2. If the system was compromised, what was the method used? (5pts)

  3. Can you locate how many attackers failed? If some succeeded, how many were they? How many stopped attacking after the first success? (5pts)

  4. What happened after the brute force attack? (5pts)

  5. Locate the authentication logs. Was a bruteforce attack performed? If yes, how many? (5pts)

  6. What is the timeline of significant events? How certain are you of the timing? (5pts)

  7. Anything else that looks suspicious in the logs? Any misconfigurations? Other issues? (5pts)

  8. Was an automatic tool used to perform the attack? If yes, which one? (5pts)

  9. What can you say about the attacker's goals and methods? (5pts)


Bonus. What would you have done to avoid this attack? (5pts)

Go get the challenge here and get to solving it - you have about a month. And, yes, there will be prizes too!

