Difficulty
intermediate
Average duration
1 hrs
Technologies
reverse-shell
post-exploitation
cybersecurity
linux
blue-team
threat-hunting
incident response
In this lab, you’ll face a live incident response scenario. A production Ubuntu server has been compromised, and it is suspected that the attackers have left behind persistent access mechanisms.
Your role as a Blue Team analyst is to inspect the environment, identify all malicious access points, and help restore control of the server.
In this lab, you will practice:
👉 This challenge uses a virtual machine designed for post-exploitation scenarios.
https:/cybersecurity-machines/emergency-lab.ova
analyst:4geeks-lab
The terminal will already be active at the beginning of the exercise. You have logged into a production Ubuntu server after the monitoring team detected suspicious outbound traffic. All signs suggest that the attacker has established persistence mechanisms that remain active.
Your task is to thoroughly inspect the system, identify any malicious artifacts that keep the attacker in control, and neutralize them. Evidence indicates that the access points are carefully hidden.
Once you believe you’ve identified all four persistence mechanisms, run the following command in the terminal:
validate_lab
The system will prompt you to enter the absolute paths of the malicious files, one by one. If all paths are correct, you’ll get what you’re looking for.
Now it's your turn to think like a true Blue Team analyst. Recovering the server depends on you!
Good luck, Analyst!
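As an added example (not part of the lab's materials or its VM), the kind of persistence hunt a Blue Team analyst runs on an Ubuntu host like the one described above: it walks the usual persistence locations, flags files whose content matches reverse-shell or dropper indicators, and lists artifacts that need manual review. The hunt paths, indicator patterns, file names and sample tree are assumptions chosen for illustration, not facts about the lab.

```shell
#!/bin/sh
# Added example (not part of the lab's own files): a POSIX-sh persistence
# hunt over the Ubuntu locations attackers commonly abuse. It prints
# "reason<TAB>/absolute/path", one candidate per line, so reviewed paths
# can be handed to validate_lab. ROOT (first argument) lets you scan a
# mounted disk image or a constructed test tree instead of the live system.

# Persistence locations, relative to ROOT (no glob characters on purpose).
HUNT_PATHS="etc/crontab etc/cron.d etc/cron.hourly etc/cron.daily \
var/spool/cron/crontabs etc/systemd/system etc/rc.local etc/init.d \
etc/profile.d etc/bash.bashrc etc/profile root/.bashrc root/.profile home"

# Content indicators typical of reverse-shell and dropper one-liners
# (detection signatures only; tune them for your environment).
INDICATORS='/dev/tcp/|nc .* -e|ncat |bash -i|base64 -d|mkfifo|(curl|wget) .*\| *(ba)?sh'

# hunt_persistence [ROOT]: print suspicious candidates found under ROOT.
hunt_persistence() {
    root="${1:-}"
    for p in $HUNT_PATHS; do
        [ -e "$root/$p" ] || continue
        # Files whose content matches an indicator (cron jobs, units, startup scripts).
        find "$root/$p" -type f 2>/dev/null | while read -r f; do
            grep -Eqs "$INDICATORS" "$f" && printf 'indicator\t%s\n' "${f#"$root"}"
        done
    done
    # ld.so.preload is absent on a clean Ubuntu install; any content is a flag.
    [ -s "$root/etc/ld.so.preload" ] && printf 'preload\t/etc/ld.so.preload\n'
    # SSH keys cannot be judged by pattern: list every authorized_keys for review.
    find "$root/root" "$root/home" -maxdepth 3 -type f -name authorized_keys 2>/dev/null |
        while read -r f; do printf 'review\t%s\n' "${f#"$root"}"; done
    return 0
}

# make_sample_tree DIR: constructed test data (not from the lab VM): one
# benign cron job, one planted hidden cron job, a preload entry, an SSH key.
make_sample_tree() {
    mkdir -p "$1/etc/cron.d" "$1/home/analyst/.ssh"
    echo '0 4 * * * root test -x /usr/bin/apt-get' > "$1/etc/cron.d/apt-compat"
    echo '@reboot root echo Q09OU1RSVUNURUQK | base64 -d | sh' > "$1/etc/cron.d/.sysupdate"
    echo '/usr/lib/libc-extra.so' > "$1/etc/ld.so.preload"
    echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAA... analyst@example' > "$1/home/analyst/.ssh/authorized_keys"
}

# Stand-alone demo on the constructed tree; run hunt_persistence / on a real host.
demo=$(mktemp -d)
make_sample_tree "$demo"
hunt_persistence "$demo"
rm -rf "$demo"
```

Pattern matching only narrows the search: a planted cron job that calls an innocuous-looking binary will not match, so every path the script lists, and every file in those directories with an unexpected owner or timestamp, still needs a human look.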