Sherlock
Blue Team Defensive Security Challenges
Hack The Box Sherlock challenges focus on defensive security skills including digital forensics, incident response, log analysis, and threat hunting. Each writeup provides detailed analysis of the investigation process.
Challenge Categories
DFIR: Digital Forensics & Incident Response
Log Analysis: Security log investigation and correlation
Threat Hunting: Proactive threat detection and analysis
Memory Forensics: RAM analysis and artifact extraction
Writeups
Whisper: Investigating unauthorized offensive activity on a corporate workstation through registry forensics, prefetch analysis, browser history, shellbag analysis, event log correlation, and SAM hash extraction with password cracking.
Packet Puzzle: Reconstructing a complete attack chain from a PCAP file using tshark and capinfos: SYN scan detection, CVE-2024-4577 PHP CGI argument injection exploitation, PowerShell reverse shell reconstruction, and analysis of a failed GodPotato privilege escalation attempt.
HookFlare: Android banking trojan investigation: SMS phishing, APK decompilation with jadx, Chrome timestamp forensics, Android appops permission tracking, PCAP analysis, and AES decryption of exfiltrated payment data.