Scope. A company web server was compromised via the hosted site. The team captured a forensic disk image and a live memory dump in time for offline analysis. Artifacts for this walkthrough: archive.org: dfir-case1.
Web layer. Apache access and error logs show repeated OWASP-style abuse: SQL injection (including attempted INTO OUTFILE / upload-style payloads), reflected XSS, local file inclusion / path traversal, and an IDS log-clear request consistent with covering tracks on the app.
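A first triage pass for the request classes named above can be scripted against the Apache access log; this is an added example, not code from the original walkthrough. The regex signatures, function names and sample log lines are assumptions constructed for illustration, and the IDS log-clear request is left out because the page does not give its URL.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Apache combined log format: host ident user [time] "METHOD target proto" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Coarse triage signatures, matched against the URL-decoded request target.
RULES = [
    ("sqli_outfile", re.compile(r"into\s+(out|dump)file", re.I)),
    ("sqli", re.compile(r"union\s+(all\s+)?select|'\s*or\s+'?\d|information_schema", re.I)),
    ("xss", re.compile(r"<\s*script|javascript:|on(error|load)\s*=", re.I)),
    ("lfi_traversal", re.compile(r"\.\./|/etc/passwd|php://", re.I)),
]

def classify(target):
    """Return every rule label matching the request target."""
    decoded = unquote_plus(unquote_plus(target))  # two passes catch double encoding
    return [label for label, rx in RULES if rx.search(decoded)]

def triage(lines):
    """Return (client, time, status, labels) for each line that trips a rule."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line in the expected format
        client, when, _method, target, status = m.groups()
        labels = classify(target)
        if labels:
            hits.append((client, when, int(status), labels))
    return hits

def per_client(hits):
    """Count rule hits per (client, label) to show who probed what."""
    return Counter((client, label) for client, _, _, labels in hits for label in labels)

# Constructed sample lines (documentation IP ranges), not taken from the case image.
SAMPLE = [
    '198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.9 - - [01/Jan/2024:10:02:11 +0000] "GET /item.php?id=1+UNION+SELECT+1,2+INTO+OUTFILE+%27x%27 HTTP/1.1" 200 90 "-" "-"',
    '203.0.113.9 - - [01/Jan/2024:10:03:40 +0000] "GET /search.php?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 300 "-" "-"',
    '203.0.113.9 - - [01/Jan/2024:10:05:02 +0000] "GET /view.php?page=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 120 "-" "-"',
    '203.0.113.9 - - [01/Jan/2024:10:05:09 +0000] "GET /view.php?page=%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 120 "-" "-"',
]

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(hit)
    print(per_client(triage(SAMPLE)))
```

A hit only shows that a request matched a signature; the status code and the matching error-log entries are what indicate whether the server actually acted on it.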
In the heart of Golang Country stands GETI City - a metropolis where technology and ambition touch the sky…
Scene 1: The City
The winter wind howls through GETI City’s glass-and-steel canyons, carrying whispers of digital secrets between towering skyscrapers. Neon signs pierce the darkness, their glow reflecting off the frost-covered windows of Brukley Company’s cybersecurity headquarters.