You are working as a SOC analyst, monitoring web server logs for potential threats. During your investigation, you detect multiple attack attempts, including SQL injection, directory traversal, brute-force login attempts, and remote code execution (RCE). Malicious actors are repeatedly testing the application using suspicious payloads and automated scanners. Some requests attempt to access sensitive files, while others target unauthorized logins. The attack patterns indicate persistent exploitation efforts. To mitigate risks, you recommend restricting unauthorized IPs, enhancing logging and monitoring, validating user inputs, and encrypting sensitive data to prevent unauthorized access and detect threats proactively.
Question 1.
Identify the SQL injection attempt in the logs and locate the injected query.
Question 2.
Find an XSS attack attempt in the logs. The attacker is trying to execute JavaScript on the target.
Question 3.
Identify a directory traversal attempt where the attacker tries to access restricted files.
Question 4.
Identify the brute-force login attempts and report the IP address or behavior.
Question 5.
Identify an attempt to perform a time-based SQL injection (using sleep).
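
One way to triage an access log for the five categories the questions ask about, as an added example that is not part of the original lab. The sample log lines, the `/login` path, the 401 failure status, the threshold of 5 and the rule patterns are all assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample lines (common log format); not the lab's data.
TS = "[01/Jan/2025:10:00:00 +0000]"
SAMPLE_LOG = "\n".join([
    f'203.0.113.10 - - {TS} "GET /item?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 512',
    f'203.0.113.11 - - {TS} "GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 734',
    f'203.0.113.12 - - {TS} "GET /download?file=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 403 0',
    f'203.0.113.13 - - {TS} "GET /item?id=1%27%20AND%20SLEEP(5)--%20- HTTP/1.1" 200 512',
    f'198.51.100.7 - - {TS} "GET /index.html HTTP/1.1" 200 1024',
] + [f'203.0.113.14 - - {TS} "POST /login HTTP/1.1" 401 64'] * 6)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# First match wins, so the time-based rule sits above the generic SQLi rule.
RULES = [
    ("sqli_time", re.compile(r"\b(?:sleep|pg_sleep|benchmark)\s*\(|waitfor\s+delay")),
    ("sqli", re.compile(r"union\s+select|'\s*(?:or|and)\b")),
    ("xss", re.compile(r"<script|javascript:|\bon(?:error|load)\s*=")),
    ("traversal", re.compile(r"\.\./|\.\.\\")),
]

def analyze(log_text, login_path="/login", threshold=5):
    """Return (findings, brute): findings are (ip, category, decoded_url) tuples,
    brute maps each IP to its failed-login count when that reaches threshold."""
    findings, failed = [], Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, url, status = m.groups()
        # Decode twice so double-encoded payloads (%252e%252e) are also seen.
        decoded = unquote_plus(unquote_plus(url)).lower()
        for name, rx in RULES:
            if rx.search(decoded):
                findings.append((ip, name, decoded))
                break
        # Assumption: a failed login is a POST to login_path answered with 401.
        if method == "POST" and url.startswith(login_path) and status == "401":
            failed[ip] += 1
    return findings, {ip: n for ip, n in failed.items() if n >= threshold}

if __name__ == "__main__":
    findings, brute = analyze(SAMPLE_LOG)
    for ip, category, url in findings:
        print(f"{category:10} {ip:15} {url}")
    for ip, count in brute.items():
        print(f"brute_force {ip:14} {count} failed logins")
```

The patterns are triage heuristics: they surface candidate lines for an analyst to review and will miss obfuscated payloads or flag benign requests that happen to contain the same tokens.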