LogChief
Medium | Threat Hunting
Overview
A security incident has been detected on one of your organization's web servers. The SOC team has extracted the server logs and needs your expertise to investigate the attack chain. Your mission is to analyze the provided web server logs, identify the attack vectors, and reconstruct the entire attack timeline.
When you click "Start Challenge", you'll receive a link to the verification platform. Open this link in your browser to access the interactive question interface. Download the `server.log` file and start analyzing it to find answers to the 10 investigation questions. For each question, enter your answer and click "Check" to get immediate feedback (correct ✅ or incorrect ❌). You can verify answers individually as you find them. Once all 10 answers are correct, the platform will reveal the final flag. Copy this flag and submit it back here on CyberTalents to complete the challenge.
Flag format: Flag{}
Lab Details
Prerequisites & Requirements
- Reading and parsing web server logs (Apache/Nginx formats)
- Basic knowledge of HTTP methods, response codes, and log structures
- Familiarity with SQL Injection, Remote Code Execution (RCE), and reverse shell attack chains
- Basic scripting using Bash, awk, and Python for automation
- Understanding of MITRE ATT&CK and common CWE vulnerability identifiers
What will you learn?
- How to analyze massive server logs efficiently
- How to trace attacker activity from reconnaissance to exploitation
- How to correlate timestamps, IPs, and payloads to reconstruct a full incident timeline
- How to identify RCE attempts, exfiltration attempts, and credential compromises from logs
Tools
- grep, awk, sort, uniq, date: For command-line log parsing
- python3: For URL decoding and structured parsing
- jq, wc, head, tail: For counting and inspection
- Text editor / log viewer (e.g. VSCode, less, or lnav): For viewing and navigating logs
- CyberChef (optional): For URL decoding and data visualization
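An added example, not part of the challenge materials, of the structured parsing the tools list points at: it reads Apache/Nginx combined-format lines, URL-decodes the request, tags each record with defensive indicator patterns, and orders the hits into a per-IP timeline. The log lines and the indicator patterns below are constructed for illustration; the real `server.log` will need patterns tuned to what you actually see in it.

```python
import re
from datetime import datetime
from urllib.parse import unquote_plus

# Apache/Nginx "combined" log format: ip ident user [ts] "req" status size "referer" "ua".
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Defensive indicator patterns (constructed, illustrative) applied to the decoded path.
INDICATORS = {
    "sqli": re.compile(r"(union\s+select|'\s*or\s+1\s*=\s*1|information_schema)", re.I),
    "rce": re.compile(r"(cmd=|[;|`]\s*(id|whoami|cat|bash|sh)\b|/bin/(ba)?sh)", re.I),
    "scan": re.compile(r"(\.env|wp-login\.php|phpmyadmin|\.git/)", re.I),
}

def parse_line(line):
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["decoded"] = unquote_plus(rec["path"])  # %27 -> ', %20 -> space, + -> space
    rec["tags"] = [name for name, rx in INDICATORS.items() if rx.search(rec["decoded"])]
    return rec

def build_timeline(lines):
    """Flagged records sorted by timestamp, so the attack chain reads in order."""
    recs = [r for r in map(parse_line, lines) if r and r["tags"]]
    return sorted(recs, key=lambda r: r["ts"])

def requests_per_ip(lines):
    """Request count per source IP, the usual first pivot when triaging a large log."""
    counts = {}
    for r in filter(None, map(parse_line, lines)):
        counts[r["ip"]] = counts.get(r["ip"], 0) + 1
    return counts

# Constructed sample lines (RFC 5737 documentation addresses), not from the real server.log.
SAMPLE = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Oct/2023:13:56:01 +0000] "GET /.env HTTP/1.1" 404 153 "-" "python-requests/2.31"',
    '203.0.113.5 - - [10/Oct/2023:13:57:12 +0000] "GET /product.php?id=1%27%20UNION%20SELECT%201,2,3-- HTTP/1.1" 200 844 "-" "python-requests/2.31"',
    '203.0.113.5 - - [10/Oct/2023:14:02:44 +0000] "GET /uploads/image.php?cmd=id HTTP/1.1" 200 61 "-" "curl/8.0"',
    '198.51.100.7 - - [10/Oct/2023:14:03:00 +0000] "GET /about.html HTTP/1.1" 200 1200 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for r in build_timeline(SAMPLE):
        print(r["ts"].isoformat(), r["ip"], r["status"], r["tags"], r["decoded"])
```

Swap `SAMPLE` for `open("server.log")` to run it over the challenge file; the per-IP counts and the ordered flagged hits give the reconnaissance, exploitation and post-exploitation phases in sequence.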
Job Positions
Security Analyst
Tags
Web Logs, Web Forensics, Timeline Analysis, Incident Response, Root Cause Analysis