Edit lab

Editing def-powershell-review

{
  "slug": "def-powershell-review",
  "tags": [
    "defensive",
    "mvp",
    "guided-lab"
  ],
  "flags": [
    {
      "key": "final",
      "value": "ZDL{def-powershell-review}"
    }
  ],
  "hints": [
    {
      "id": "hint-1",
      "content": "Start with the most obvious metadata field before diving deeper.",
      "penaltyPoints": 0
    },
    {
      "id": "hint-2",
      "content": "Correlate timestamps, source identifiers, and the user-facing lure.",
      "penaltyPoints": 5
    }
  ],
  "title": "PowerShell Execution Review",
  "runtime": {
    "mode": "artifacts_only",
    "cpuLimit": 1,
    "exposePorts": [],
    "templateKey": "defensive-artifact-lab",
    "memoryLimitMb": 512,
    "artifactsMountPath": "/lab/artifacts"
  },
  "summary": "Investigate command history and encoded PowerShell usage.",
  "artifacts": [
    {
      "key": "primary",
      "path": "artifacts/def-powershell-review.zip",
      "type": "file",
      "label": "Primary Lab Artifact",
      "downloadable": true
    }
  ],
  "questions": [
    {
      "key": "q1",
      "type": "short_text",
      "answer": "sample-indicator",
      "points": 10,
      "prompt": "What is the main indicator you identified first?",
      "caseSensitive": false
    },
    {
      "key": "q2",
      "type": "short_text",
      "answer": "isolate and escalate",
      "points": 10,
      "prompt": "What action should the analyst take next?",
      "caseSensitive": false
    },
    {
      "key": "flag-final",
      "type": "flag",
      "answer": "ZDL{def-powershell-review}",
      "points": 20,
      "prompt": "Submit the final lab flag.",
      "caseSensitive": true
    }
  ],
  "trackSlug": "intro-defensive-investigation",
  "difficulty": "beginner",
  "trackTitle": "Intro Defensive Investigation",
  "instructions": [
    {
      "id": "step-1",
      "title": "Review the scenario",
      "content": "Read the scenario summary and note the primary investigation goal."
    },
    {
      "id": "step-2",
      "title": "Inspect the provided artifact or environment",
      "content": "Use the artifact downloads or the live container session to gather evidence."
    },
    {
      "id": "step-3",
      "title": "Answer the guided questions",
      "content": "Submit answers and the final flag before time expires."
    }
  ],
  "estimatedMinutes": 25,
  "timeLimitMinutes": 40,
  "dbLabId": "88bd4234-5993-48bb-8cec-c1615ddd0397"
}