A system in your company is communicating with a strange IP address. Before the system was contained, a virtual memory image was taken from it. The goal is to find the root cause. This investigation includes both a PDF and a memory investigation. PDF documents with embedded malicious JavaScript are sometimes used by threat agents to attempt initial access. This article gives you an example of a malicious PDF file investigation through a challenge from Cyberdefenders.
You are a SOC analyst, and a user has received a suspicious document. One of your colleagues told you that he could not find anything suspicious in it. However, submitting the document to the sandboxing solution triggered some alerts. The goal is to investigate the document further and confirm whether or not it is malicious.
Excel macros are very popular among threat actors as a way to start their attack. Many unaware users do not hesitate to open any kind of file. It is very common for a threat agent to target the end user to get a foothold in the target company, because attackers know that end users are one of the most vulnerable parts of a company. This article is an example of a malicious Excel file investigation.
Microsoft Office documents with embedded malicious macros are becoming more popular with threat agents for infecting naive users. This article gives you an example of a malicious document investigation through a challenge from Cyberdefenders.