Cloud Shadow

Forensics 200 pts standard
Challenge Description

Security detected suspicious internal email access without password resets or MFA prompts. Investigation suggests OAuth app abuse and token replay across cloud services.

Files
↓ audit_oauth.json ↓ conditional_access.txt ↓ decoy_oauth_apps.json ↓ entra_signins.csv ↓ mail_trace.log ↓ mixed_case_telemetry.log ↓ noise.log ↓ noise_expanded.log
Submit Flag

Login to submit a flag.

← All Challenges