The FC5: Log Mysteries challenge started last week, thanks to the collaboration of Raffael Marty, Anton Chuvakin and Sebastien Tricaud.

Everybody is welcome to participate in this intriguing challenge!

Below are the instructions of the challenge:

The Challenge:
Analyze the attached sanitized_log.zip and answer the following questions:

  1. Was the system compromised and when? How do you know that for sure? (5pts)
  2. If the system was compromised, what was the method used? (5pts)
  3. Can you locate how many attackers failed? If some succeeded, how many were they? How many stopped attacking after the first success? (5pts)
  4. What happened after the brute force attack? (5pts)
  5. Locate the authentication logs. Was a brute force attack performed? If yes, how many? (5pts)
  6. What is the timeline of significant events? How certain are you of the timing? (5pts)
  7. Anything else that looks suspicious in the logs? Any misconfigurations? Other issues? (5pts)
  8. Was an automatic tool used to perform the attack? If yes, which one? (5pts)
  9. What can you say about the attacker’s goals and methods? (5pts)

Bonus. What would you have done to avoid this attack? (5pts)
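Questions 3 and 5 above come down to parsing the authentication log and tallying outcomes per source address: who only failed, who eventually got in, and who stopped once they succeeded. As an added example that is not part of the challenge or its materials, the following Python does that over a few constructed sshd auth.log lines (not taken from sanitized_log.zip); the two-failure threshold for calling a source a brute forcer is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample auth.log lines in the usual Linux sshd format (not from the
# challenge's sanitized_log.zip): 10.0.0.5 succeeds after failures and then stops,
# 10.0.0.9 succeeds and keeps trying, 10.0.0.7 only ever fails.
SAMPLE_LOG = """\
Apr 19 05:38:01 host sshd[2001]: Failed password for invalid user admin from 10.0.0.5 port 40001 ssh2
Apr 19 05:38:02 host sshd[2002]: Failed password for root from 10.0.0.5 port 40002 ssh2
Apr 19 05:38:03 host sshd[2003]: Failed password for root from 10.0.0.7 port 40003 ssh2
Apr 19 05:38:04 host sshd[2004]: Accepted password for root from 10.0.0.5 port 40004 ssh2
Apr 19 05:38:05 host sshd[2005]: Failed password for invalid user test from 10.0.0.9 port 40005 ssh2
Apr 19 05:38:06 host sshd[2006]: Accepted password for user1 from 10.0.0.9 port 40006 ssh2
Apr 19 05:38:07 host sshd[2007]: Failed password for root from 10.0.0.9 port 40007 ssh2
Apr 19 05:38:08 host sshd[2008]: Failed password for root from 10.0.0.7 port 40008 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \S+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

def parse_sshd(text):
    """Yield (timestamp, result, user, source) for each sshd auth line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group("ts"), m.group("result"), m.group("user"), m.group("src")

def summarize(text, threshold=2):
    """Per-source statistics of the kind questions 3 and 5 ask for; a source with
    at least `threshold` failures (assumed value) is counted as brute forcing."""
    events = defaultdict(list)          # src -> [(ts, result, user), ...] in log order
    for ts, result, user, src in parse_sshd(text):
        events[src].append((ts, result, user))
    brute = {s for s, ev in events.items() if sum(r == "Failed" for _, r, _ in ev) >= threshold}
    succeeded = {s for s, ev in events.items() if any(r == "Accepted" for _, r, _ in ev)}
    failed_only = set(events) - succeeded
    stopped = set()                     # succeeded and never failed again afterwards
    for s in succeeded:
        results = [r for _, r, _ in events[s]]
        if "Failed" not in results[results.index("Accepted") + 1:]:
            stopped.add(s)
    first_success = {s: next((ts, u) for ts, r, u in events[s] if r == "Accepted") for s in succeeded}
    return {"brute_force_sources": brute, "succeeded": succeeded,
            "failed_only": failed_only, "stopped_after_success": stopped,
            "first_success": first_success}
```

The first successful login per source is what the timeline in question 6 hangs on; on a real log, check that the timestamps are trustworthy before relying on them.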

This is the website of the challenge, where you can find all the other details.
