(Log analysis)
Day 2: One man’s false positive is another man’s potpourri.
Answer the questions below:
What is the name of the account causing all the failed login attempts?
Ans : service_admin
How many failed logon attempts were observed?
Ans : 6791
What is the IP address of Glitch?
Ans : 10.0.255.1
When did Glitch successfully logon to ADM-01? Format: MMM D, YYYY HH:MM:SS.SSS
Ans : Dec 1, 2024 08:54:39.000
What is the decoded command executed by Glitch to fix the systems of Wareville?
Ans : Install-WindowsUpdate -AcceptAll -AutoReboot
If you enjoyed this task, feel free to check out the Investigating with ELK 101 room.
No Answer Needed
Visit again soon for the next set of writeups 🙂 👽