DNS Peeping Tom

Network

Estimated Time

15

Difficulty

Easy

Point Value

10

Query Languages

SPL

Challenge Description

Your DNS logs show a high number of queries for subdomains that don’t exist. Who’s looking where they shouldn’t? Find out what internal machine might be compromised based on the requests they are making.

Log Source Types

Windows DNS Server Logs

MITRE ATT&CK Techniques

T1595 - Active Scanning
T1592 - Gather Victim Host Information
T1590 - Gather Victim Network Information

Getting Started

1

Sign in or create an account to begin the challenge

2

Review the challenge description and log types

3

Click "Start Challenge" to begin your investigation

Ready to start the challenge?

Head to the workspace to begin solving