Skip to content
/ Clue Public

An intro to digital forensics and incident response challenge!

Notifications You must be signed in to change notification settings

SJUACM/Clue

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
 
 
 
 
 
 
 
 

Repository files navigation

SJU ACM Clue

HELP! St. John’s University has been HACKED, and SJU ACM members have been recruited to investigate. Put your digital forensics and incident response skills to the test by investigating the attack to figure out who did it, where they did it, and what malware they used.

A Hack at St. John's

SJU ACM Clue Thumbnail - Copy

The day is Thursday, October 5. The St. John’s ACM Student Chapter club is meeting for its second meeting of the Fall 2023 semester. Upon entering the cyber lab, the club is met with a terrifying discovery: St. John’s University has been HACKED! The only piece of evidence left behind by the attacker is a USB drive. St. John’s IT was able to estimate that the hack occurred at approximately 12 pm on Thursday, October 5, however, they suspect that a member of the SJU ACM e-board was behind it all. To assist in the investigation, the members of SJU ACM have agreed to examine the contents of the USB drive in hopes of uncovering the true identity of the culprit. It’s up to you to figure out who did it, where they did it, and what malware they used.

Download the USB drive image here.

Download the slides (including a list of the possible culprits, locations, and malware) here.

Got stuck? Watch the walkthrough video here.

An Incident in the Cloud

SJU ACM Clue Pt  2 Thumbnail

The day is Wednesday, April 17. The St. John’s ACM Student Chapter e-board is collaborating on their cloud platform to design a new workshop for their members. Upon logging in, they’re met with an alert in their SIEM indicating that one of their workstations may have been infected with malware! The alert shows that a mysterious command was run on David’s workstation, however, David claims that he was not logged into his workstation at the time of the alert and suspects that someone else on the e-board must have been the one behind this incident. The members of SJU ACM have agreed to investigate the alert in hopes of uncovering the true identity of the culprit. It’s up to you to figure out who did it, where they did it, and what malware they used.

Download the slides (including a list of the possible culprits, locations, and malware) here.

Watch the walkthrough video here.

Learn how it was made here.

About

An intro to digital forensics and incident response challenge!

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published