1 1

LockBit Ransomware - Private Case #27244

LockBit Ransomware - Private Case #27244

$19.99 USD
$19.99 USD
Sale Sold out
Hard
Access Limit
SIEM
Usage

This case is based on a Private Threat Brief. In February 2024, a Windows Confluence server was compromised, leading to a rapid, domain-wide intrusion. You will analyze how attackers used AnyDesk and Metasploit to escalate privileges and ultimately deployed ransomware within hours.

To read more about DFIR Labs click here.

Your access time starts at purchase time. You will receive an email within 5 minutes of purchase with instructions on how to connect to the lab. Enjoy!

Disclaimer

All information in the DFIR Labs and analysis of that information shall be treated as TLP:RED. This classification mandates that the information is not shared publicly or privately without explicit permission from The DFIR Report.

The difficulty of each DFIR Lab case is inherently subjective and may vary based on the participant’s individual skills and experience.

View full details

Customer Reviews

Based on 4 reviews
50%
(2)
0%
(0)
25%
(1)
25%
(1)
0%
(0)
J
Jersey Mike
Kinda Weaksauce

This one could have been way better. It does not meet your definition of hard, first off. You guys could have given the investigator some way better AnyDesk logs. Also, you should have put real web logs in Splunk from the initial compromise. The questions are wayyyy to easy. I also don't understand why you guys can't give the answers after people pay you money, and that $100 for a session is highway robbery.

Thank you so much for your thoughtful review! We’re thrilled that you engaged with our labs, which are crafted from real-world intrusion scenarios. The logs and artifacts collected can sometimes vary because they reflect the authentic complexities of cyber incidents, but we always aim to provide valuable data for investigation.

We understand that the difficulty of the questions can feel a bit subjective, and we strive to create a balanced experience for all participants. Since everyone comes with different skills and experiences, what feels easy to one might be more challenging for another – and that’s all part of the learning journey!

As for the $100 session, this includes a comprehensive walkthrough, guiding you through the investigation process, explaining key decisions, and offering coaching to strengthen your future investigations. We believe this deep dive provides great value with personalized insights and support.

Your feedback means a lot to us, and we’ll definitely take it into account as we continue to improve our labs. Thanks again for sharing your thoughts!

E
Eitan W.
Wasn't that hard

You could unravel the enitre incident with the stats count by _time CommandLine search. and the question about the MD5 was a bit confusing... the MD5 of the stager or the MD5 of the shellcode?

Y
Yaniv G.
Great and fun lab to practice DFIR skills !!

Had a great time investigating and solving the questions.
Good chance to practice DFIR skill, definitely worth doing

A
A.
Great Lab - 10/10

I had a great time taking this lab. Amazing as always! Keep up the great work.