CTF Scenario: Investigating A Breach For Magnum Tempus Financial

Join us live on 23rd October at 1:30 PM EST for our upcoming webinar, where we will work through the Blue Team Village CTF, Investigating A Breach For Magnum Tempus Financial.

https://ctf.blueteamvillage.org/docs/ctf-obsidian

Incident Overview

In mid-July 2024, Magnum Tempus Financial found itself in the midst of a catastrophic breach. While the investigation was still underway, a major incident causing widespread disruptions across cloud service providers occurred. This unforeseen event severely impacted the security monitoring systems and the integrity of the retained incident data, complicating an already challenging forensic investigation.

The Breach

An advanced adversary infiltrated Magnum Tempus’s infrastructure, deploying multiple implants within the Windows domain. These implants were meticulously designed for persistence, leveraging well-known command and control (C2) channels. The attack led to extensive enumeration, exfiltration, and potential data loss, all while the security team struggled to manage the fallout.

The Challenge

In response to the unfolding disaster, recovery strategies were quickly enacted. Efforts focused on recovering whatever historical log data was available, but the recovery process was far from perfect. The log data, which has been rehydrated into the security logging and monitoring systems, is now fragmented, corrupted, and less than optimal.

The Mission

As part of this webinar, we will:

  • Analyze the recovered log data.
  • Uncover hidden clues and reconstruct the sequence of events that led to the breach.
  • Produce a coherent narrative of what transpired.

Our findings will help Magnum Tempus not only to understand the full scope of the attack but also to fortify their defenses against future threats.

Webinar duration: 45 minutes

Can’t attend live? Register anyway and we’ll send you the recording after the webinar!

Project Obsidian CTF:

https://ctf.blueteamvillage.org/docs/ctf-obsidian

Download Logs:

https://github.com/blueteamvillage/Project-Obsidian-DC31
