Another day, another challenge…
In this post, we’re starting a new series: the Advent of Cyber series hosted by TryHackMe. This is the third year of the Advent of Cyber, where a challenge is released every day leading up to Christmas. In total there will be 25 challenges. In these challenges, we’re McSkidy, an elf trying to save Christmas.
In our eighth challenge, we’re presented with a scenario where Santa’s laptop, which is used to prepare his bag of toys, is missing. Oh no! It’s alleged that a minion from the Grinch Enterprise has stolen it, and we need to make sure that is the case. Besides Santa’s laptop being stolen, we realized that the laptop was also compromised. While we don’t have the physical laptop, we do have logs that we can review.
The topic explored in this challenge is PowerShell Transcription Logs. These Transcription Logs record the PowerShell commands that were executed, so reviewing them shows what happened on a server or laptop *hint, hint*.
Can McSkidy find who stole the laptop and recover Santa’s bag of toys? Find out below!
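To show what reviewing a transcription log looks like in practice, here is an added example (not part of the challenge or the original post) that pulls the session details and the executed commands out of a transcript. It assumes the transcript was recorded with invocation headers enabled, so each command is preceded by a `Command start time:` block; the sample transcript, user name and host name are constructed.

```python
import re
from datetime import datetime

# Constructed sample transcript (not from the challenge); user, host and commands are made up.
SAMPLE = """\
**********************
Windows PowerShell transcript start
Start time: 20211201101500
Username: WORKSTATION01\\exampleuser
RunAs User: WORKSTATION01\\exampleuser
Machine: WORKSTATION01 (Microsoft Windows NT 10.0.17763.0)
Host Application: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe
Process ID: 4242
**********************
**********************
Command start time: 20211201101512
**********************
PS C:\\Users\\exampleuser> whoami
workstation01\\exampleuser
**********************
Command start time: 20211201101530
**********************
PS C:\\Users\\exampleuser> Get-ChildItem C:\\Users\\exampleuser\\Desktop
**********************
Windows PowerShell transcript end
End time: 20211201101600
**********************
"""

# Session header fields worth keeping for attribution (who, where, which host process).
HEADER = re.compile(r"^(Start time|Username|Machine|Host Application|Process ID): (.*)$", re.M)
# An invocation header, its closing row of asterisks, then the prompt line with the command.
COMMAND = re.compile(r"^Command start time: (\d{14})\n\*+\n(PS [^>\n]*)> (.*)$", re.M)

def parse_transcript(text):
    """Return (session metadata dict, list of executed commands with timestamps)."""
    meta = {k: v.strip() for k, v in HEADER.findall(text)}
    commands = [
        {"time": datetime.strptime(ts, "%Y%m%d%H%M%S"), "cwd": prompt[3:], "command": cmd.strip()}
        for ts, prompt, cmd in COMMAND.findall(text)
    ]
    return meta, commands

if __name__ == "__main__":
    meta, commands = parse_transcript(SAMPLE)
    print(meta["Username"], "on", meta["Machine"])
    for c in commands:
        print(c["time"].isoformat(), c["cwd"], "|", c["command"])
```

Command output lines (such as the `whoami` result) are skipped on purpose, leaving a timeline of who ran what, from which directory, and when.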
If you enjoy my content, buy me a coffee. Link –> http://buymeacoffee.com/thefluffy007