Velociraptor

Your organization recently discovered a potential security incident involving a critical web server. The Security Operations Center (SOC) detected unusual traffic patterns and suspicious activity targeting this server. Initial investigations suggest that the breach may have been caused by a well-known exploit for a vulnerability that has not yet been patched. Due to the critical nature of the web server and the sensitivity of the data it handles, immediate action is required to confirm the breach, contain the threat, and mitigate further risks.

You are provided with network traffic and EDR logs to identify how the attacker gained access and what actions they took.


File Location: /root/Desktop/ChallengeFile/EDR-LOGs.zip