VPN You Later

VPN

Estimated Time

30

Difficulty

Easy

Point Value

15

Query Languages

SPL

Challenge Description

A VPN account that hasn’t been used in months just logged in from a high-risk country. Perform a threat hunt on suspicious logins from VPN anonymizers to discover what account was compromised and what VPN providers should likely be blocked at the perimeter.

Log Source Types

Cisco AnyConnect VPN Logs

MITRE ATT&CK Techniques

T1110.003 - Password Spraying
T1133 - External Remote Services

Getting Started

1

Sign in or create an account to begin the challenge

2

Review the challenge description and log types

3

Click "Start Challenge" to begin your investigation

Ready to start the challenge?

Head to the workspace to begin solving