Edit lab
Editing def-powershell-review
{ "slug": "def-powershell-review", "tags": [ "defensive", "mvp", "guided-lab" ], "flags": [ { "key": "final", "value": "ZDL{def-powershell-review}" } ], "hints": [ { "id": "hint-1", "content": "Start with the most obvious metadata field before diving deeper.", "penaltyPoints": 0 }, { "id": "hint-2", "content": "Correlate timestamps, source identifiers, and the user-facing lure.", "penaltyPoints": 5 } ], "title": "PowerShell Execution Review", "runtime": { "mode": "artifacts_only", "cpuLimit": 1, "exposePorts": [], "templateKey": "defensive-artifact-lab", "memoryLimitMb": 512, "artifactsMountPath": "/lab/artifacts" }, "summary": "Investigate command history and encoded PowerShell usage.", "artifacts": [ { "key": "primary", "path": "artifacts/def-powershell-review.zip", "type": "file", "label": "Primary Lab Artifact", "downloadable": true } ], "questions": [ { "key": "q1", "type": "short_text", "answer": "sample-indicator", "points": 10, "prompt": "What is the main indicator you identified first?", "caseSensitive": false }, { "key": "q2", "type": "short_text", "answer": "isolate and escalate", "points": 10, "prompt": "What action should the analyst take next?", "caseSensitive": false }, { "key": "flag-final", "type": "flag", "answer": "ZDL{def-powershell-review}", "points": 20, "prompt": "Submit the final lab flag.", "caseSensitive": true } ], "trackSlug": "intro-defensive-investigation", "difficulty": "beginner", "trackTitle": "Intro Defensive Investigation", "instructions": [ { "id": "step-1", "title": "Review the scenario", "content": "Read the scenario summary and note the primary investigation goal." }, { "id": "step-2", "title": "Inspect the provided artifact or environment", "content": "Use the artifact downloads or the live container session to gather evidence." }, { "id": "step-3", "title": "Answer the guided questions", "content": "Submit answers and the final flag before time expires." 
} ], "estimatedMinutes": 25, "timeLimitMinutes": 40, "dbLabId": "88bd4234-5993-48bb-8cec-c1615ddd0397" }