Advent of Cyber 2022 — [Day 2] Log Analysis Santa’s Naughty & Nice Log

Ivo Martins
Dec 3, 2022

❓Use the ls command to list the files present in the current directory. How many log files are present?

2

❓Elf McSkidy managed to capture the logs generated by the web server. What is the name of this log file?

webserver.log

❓On what day was Santa’s naughty and nice list stolen?

Friday

❓What is the IP address of the attacker?

10.10.249.191

❓What is the name of the important list that the attacker stole from Santa?

santaslist.txt

❓Look through the log files for the flag. The format of the flag is: THM{}

THM{STOLENSANTASLIST}

📃Resources:

Windows Event Logs room

Endpoint Security Monitoring Module
