Final Boss II - Forensic Analysis and Reverse Engineering

Final Boss II – Forensic Analysis and Reverse Engineering

A prestigious AI company suffered a remote intrusion outside of business hours. Manipulation was detected on the backup server and the execution of an unauthorized binary, along with a password-protected compressed file. You have been summoned as a forensic analyst to reconstruct the events. You will receive a controlled copy of the evidence extracted from the compromised server.

In this lab, you will learn:

• Forensic analysis from collected files.
• Interpretation of system event logs.
• Recognition of anomalous patterns.

🌱 How to start this lab

👉 This challenge is solved within a pre-configured virtual machine for forensic analysis. You do not need to access the compromised system or use external tools; you will analyze already collected files.

Download the virtual machine from:

1https://storage.googleapis.com/cybersecurity-machines/final-boss-forensic-analysis.ova

1. Import the VM into VirtualBox.
2. Start the VM and log in as user analyst:4geeks-lab.
3. Once inside the VM, you will find all the case files organized in a specific location in the analyst's user directory. Your first task will be to locate this evidence folder.

Your Mission

According to the preliminary report, on June 12, a remote session initiated by a system user was recorded outside of business hours, marking the beginning of the attack. The cybersecurity team has provided you with key evidence from the compromised server (Windows Server) for your analysis on this secure Linux lab machine. Everything you need is there. Examine the files to reveal what happened and reconstruct the events.

Forensic investigators are awaiting your conclusions. If you manage to decipher the protected evidence and reconstruct the events, you will find what many seek and few find.

💡 Tips

• Do not execute anything. The analysis is post-mortem. Use only read-only tools.

Are you ready to face the final challenge?

Good luck, Forensic Analyst!