SOC170

Last updated 1 year ago

  1. SOC170 - Passwd Found in Requested URL - Possible LFI Attack.


  1. Checking source IP address on VirusTotal.

AbuseIPDB results:

Source IP address looks malicious.


  1. Checking malicious IP in Log Management.

RAW:

As we can see, it was an LFI attack.
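
The kind of log review described above can be scripted. The following is an added example, not part of the original write-up: it flags requests whose decoded URL contains a traversal sequence or an `/etc/passwd` reference, and uses the response status and size to separate failed attempts from responses that need review. The log lines, IP addresses, Common Log Format layout and function names are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (documentation-range IPs; not the alert's raw log).
SAMPLE_LOGS = [
    '203.0.113.7 - - [01/Jan/2024:10:10:01 +0000] "GET /?file=../../../../etc/passwd HTTP/1.1" 500 0',
    '203.0.113.7 - - [01/Jan/2024:10:10:05 +0000] "GET /?file=%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1843',
    '198.51.100.4 - - [01/Jan/2024:10:11:00 +0000] "GET /account/passwd-reset HTTP/1.1" 200 5120',
    '198.51.100.9 - - [01/Jan/2024:10:12:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 3020',
]

# Assumed Common Log Format: ip, ident, user, [time], "method url proto", status, size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+|-)$')
# Directory traversal sequences or direct references to sensitive files under /etc
LFI_RE = re.compile(r'\.\.[/\\]|/etc/(?:passwd|shadow)', re.IGNORECASE)


def fully_decode(url, max_rounds=3):
    """Percent-decode repeatedly so double-encoded payloads are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(url)
        if decoded == url:
            break
        url = decoded
    return url


def classify(line):
    """Return a finding dict for a suspected LFI request, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, method, url, status, size = m.groups()
    decoded = fully_decode(url)
    if not LFI_RE.search(decoded):
        return None
    body = 0 if size == "-" else int(size)
    # A 200 with a body means the server returned content: review the response.
    # Error codes or an empty body indicate the file was not served.
    verdict = "review response" if status == "200" and body > 0 else "attempt failed"
    return {"ip": ip, "url": decoded, "status": int(status), "size": body, "verdict": verdict}


def scan(lines):
    """Classify every line and keep only the suspected LFI findings."""
    return [f for f in map(classify, lines) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOGS):
        print(finding)
```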


  1. Playbook answers: