
Some Background

I’ve been working in IT since 1999. I started out on Windows 3.1 machines running Token Ring networks. I worked as a sys admin for a little over 11 years before getting tired of it and making the switch to infosec. During my time in the field I’ve worked hundreds of breaches and thousands of malware events.

One of the things I really love about infosec is that you can learn everything you need to succeed on your own. You do not need a 4-year degree to be successful in this field.

Part of that learning for me has been researching and discovering what tools attackers use, how their TTPs map to the MITRE framework, and how they steal data off of a system. It’s one thing to know how to forensically identify these artifacts, but it’s entirely different to actually know how to do those attacks.

That’s where these VMs come from. When I was doing attacks against my own test systems, then doing forensics on them to see what was left behind, the idea hit me: why not share these machines and attacks with the community? So here they are. The attacks might not be the most “1337”, but I’ve done my best to utilize tools that I have seen in the wild as a DFIR consultant, as well as mapping the TTPs to real attacker behavior.

Hopefully these challenges are useful for you and you can discover something new.

Thanks for reading – Chris
