Invoice Ghost

Forensics 100 pts standard

Challenge Description

The finance department processed a suspicious vendor payment after an email thread changed bank details. You are asked to investigate whether mailbox compromise happened and identify the fraud indicators.

Files

↓ decoy_iocs.txt ↓ email_thread.eml ↓ invoice_metadata.txt ↓ mailbox_rules.json ↓ mixed_case_telemetry.log ↓ noise.log ↓ noise_expanded.log ↓ o365_audit.csv

Submit Flag

← All Challenges