7: Conclusion
Congratulations on completing the investigation, defender! Believe it or not, this exercise was based on real-world compromises that followed this exact attack pattern. And that obfuscated shell? It's a technique frequently used by real-world attackers against PHP sites like WordPress blogs.
With your notes in hand, try to answer the big questions from the beginning of the case:
- When did the attack take place?
- How did the attackers gain initial access to the site?
- How did they establish persistence?
- What were the attackers unable to do?
- What was the impact of the attack?
- How could this have been prevented?
If you're interested, we've provided an answers page you can check against your own work. We've included answers to the questions we asked along the way as well.
Feedback
Please consider filling out this brief form to let us know how you liked the lab! We'd love to make these experiences even better in the future.
Thank you!
We hope you've enjoyed this lab as much as we enjoyed putting it together. If you did, you may enjoy some of the other learning materials available for free at The Taggart Institute.
Enjoy PancakesCon!
- Taggart and HuskyHacks