Insider Threats: The Impostor

Insider Threats: The Impostor

Welcome to Systems, Inc., a company specialized in IT infrastructure and management. Today, everything is in crisis — the main website is experiencing intermittent outages, and no one seems to know why. This is no random failure; there are strong signs of sabotage. Someone from the inside has tampered with the system.

Your objective is clear: restore the server's stability and uncover who is behind the sabotage.

This lab will challenge your skills in:

• Exploring Linux-based systems
• Investigating a compromised server

🌱 How to start this lab

1. Download the virtual machine from this link:

1https://storage.googleapis.com/cybersecurity-machines/the_imposter_lab.ova

1. Import the machine into VirtualBox.

2. Log in as user student:4geeks_lab.

Your mission:

From the moment you log in, you'll notice that the web server is offline or unstable. The clues suggest that this is not a technical failure, but rather a deliberate alteration of the system.

The environment contains multiple users, uncommon files, and suspicious configurations. Your mission is to explore carefully, connect the dots, and uncover who has compromised the system.

Validation

If you successfully identified the impostor, use the following command in the terminal to validate their name, You must run this command as the root user:

1validate-imposter-name

This will prompt you for the name of the culprit, and if you're correct, you’ll get what you're looking for.

Think like a cybersecurity detective. Every clue is valuable.

Good luck, Analyst!