Introduction

What?

TryHackMe room BOTSv2: version 2 of the Boss of the SOC (BOTS) competition by Splunk.

Why?

An interactive forensic investigation room built around analysing a simulated breach in Splunk; it is well suited to practising real-world SIEM skills against attacker lateral movement and data exfiltration scenarios.

How?

• Data dive
• Web activity investigation
• Detecting SQL and XSS web application attacks
• USB attack investigation
• Investigating FTP


Last update: 2025-05-12 14:39
© Copyright 2025, TyMyrddin.