ZeroDay Labs, Cyber Range
Edit lab
Editing ws-lateral-movement-smb
{ "slug": "ws-lateral-movement-smb", "tags": [ "wireshark", "mvp", "guided-lab" ], "flags": [ { "key": "final", "value": "ZDL{ws-lateral-movement-smb}" } ], "hints": [ { "id": "hint-1", "content": "Start with the most obvious metadata field before diving deeper.", "penaltyPoints": 0 }, { "id": "hint-2", "content": "Correlate timestamps, source identifiers, and the user-facing lure.", "penaltyPoints": 5 } ], "title": "SMB Lateral Movement Clues", "runtime": { "mode": "docker_compose", "cpuLimit": 1, "exposePorts": [], "templateKey": "wireshark-pcap-lab", "memoryLimitMb": 512, "artifactsMountPath": "/lab/artifacts" }, "summary": "Trace suspicious SMB activity across hosts.", "artifacts": [ { "key": "primary", "path": "artifacts/ws-lateral-movement-smb.pcapng", "type": "pcap", "label": "Primary Lab Artifact", "downloadable": true } ], "questions": [ { "key": "q1", "type": "short_text", "answer": "sample-indicator", "points": 10, "prompt": "What is the main indicator you identified first?", "caseSensitive": false }, { "key": "q2", "type": "short_text", "answer": "isolate and escalate", "points": 10, "prompt": "What action should the analyst take next?", "caseSensitive": false }, { "key": "flag-final", "type": "flag", "answer": "ZDL{ws-lateral-movement-smb}", "points": 20, "prompt": "Submit the final lab flag.", "caseSensitive": true } ], "trackSlug": "wireshark-fundamentals", "difficulty": "intermediate", "trackTitle": "Wireshark Fundamentals", "instructions": [ { "id": "step-1", "title": "Review the scenario", "content": "Read the scenario summary and note the primary investigation goal." }, { "id": "step-2", "title": "Inspect the provided artifact or environment", "content": "Use the artifact downloads or the live container session to gather evidence." }, { "id": "step-3", "title": "Answer the guided questions", "content": "Submit answers and the final flag before time expires." 
} ], "estimatedMinutes": 20, "timeLimitMinutes": 30, "dbLabId": "aed9e981-07e2-45a5-9ac6-6041ebe57abe" }