Skip to content
logo
Defence blues
Introduction
  • Red tradecraft
  • Privacy greenhouse
  • Purple crossroads
  • Indigo observatory
  • Contact
Initializing search
    • Blue team @Home
    • Servers without a security team
    • Honeytech for humans
    • Blue team for dev
    • OT and ICS security
    • Counter moves
    • Golem Trust Computing Ltd.
    • Department of Silent Stability
    • The Home for Bewildered Beasts of Legend
    • Archive
      • Digital forensics and incident response
      • Network traffic analysis
      • Security information and event management
        • SIEM and threat intelligence/hunting notes
        • An investigation with Splunk + CKC
        • TryHackMe rooms
        • Puzzles @Cyberdefenders
        • Boss of the SOC v2
          • Introduction
            • What?
            • Why?
            • How?
          • Data dive
          • Web activity investigation
          • Detecting SQL and XSS web application attacks
          • USB attack investigation
          • Investigating FTP
        • Big-Picture view of current real-world attacks
      • Cryptanalysis
      • Reverse engineering
      • Steganography
    • What?
    • Why?
    • How?

    Introduction¶

    What?¶

    THM Room: BOTSv2: Version 2 of the Boss of the SOC (BOTS) competition by Splunk.

    Why?¶

    An interactive forensic investigation room focused on analysing a simulated breach using Splunk, perfect for practicing real-world SIEM skills against attacker lateral movement and data exfiltration scenarios.

    How?¶

    • Data dive

    • Web activity investigation

    • Detecting SQL and XSS web application attacks

    • USB attack investigation

    • Investigating FTP

    2026-05-27 11:27
    © Copyright 2026, TyMyrddin.
    Created using Sphinx 7.2.6. and Sphinx-Immaterial

    Made with love in the Unseen University, 2026, with a forest garden fostered by /ut7