Feb 15 · 4 min read · Today, we’re investigating another LetsDefend alert: SOC176 – RDP Brute Force Detected (EventID: 234). This alert focuses on suspicious Remote Desktop Protocol (RDP) activity that may indicate a brute force attack. 🔎 Alert Overview The alert det...
Feb 2 · 3 min read · In this blog, I will walk through the investigation of SOC138 – Detected Suspicious XLS File, performed on the Letsdefend.io platform. The objective of this analysis is to identify whether the detected file is malicious, determine host impact, and va...
Sep 23, 2025 · 4 min read · Questions: After flooding the IIS host with rapid-fire probes, the attacker reveals their origin. Which IP address generated this reconnaissance traffic? IIS is a flexible and extensible web server software developed by Microsoft for Windows operat...
Sep 12, 2025 · 2 min read · Questions: Which wallet is used for asking the seed phrase? Before this, I had no idea what seed phrases were. If you wanted to know what they are, they are human-readable, multi-word backup phrases used to recover a cryptocurrency wallet and its ...
Sep 9, 2025 · 2 min read · Questions: What is the name of the file associated with the given hash? Paste the hash into VirusTotal and go to the Details tab. You should see the file name here. Answer: document-1982481273.xlsm Can you identify the filename of the GIF file th...
Jun 21, 2025 · 2 min read · Scenario: The SOC team has detected suspicious activity in the network traffic, revealing that a machine has been compromised. Sensitive company information has been stolen. Your task is to use Network Capture (PCAP) files and Threat Intelligence to ...
Jun 20, 2025 · 3 min read · Scenario: You are part of the Threat Intelligence team in the SOC (Security Operations Center). An executable file has been discovered on a colleague's computer, and it's suspected to be linked to a Command and Control (C2) server, indicating a poten...
Jun 17, 2025 · 3 min read · Scenario An after-hours alert from the Endpoint Detection and Response (EDR) system flags suspicious activity on a Windows workstation. The flagged malware aligns with the Amadey Trojan Stealer. Your job is to analyze the presented memory dump and cr...
Jun 16, 2025 · 2 min read · Introduction: Hey everyone! Been a while since I posted a writeup on here. I was super busy with university and stuff, but now I’m going to go back to writing CTF write-ups! Here’s the link to the lab: https://cyberdefenders.org/blueteam-ctf-challenge...