🔬 Room 01 — Mumucorp Day 1
Your mission: Mumucorp's SIEM ingested 24 hours of events. Five suspicious patterns are hidden. Find them with SQL.
The 5 hidden incidents (spoiler):
- Brute-force login attempts against `admin` from a single external IP
- Data exfiltration — a user downloads > 500 MB in a few hours
- Lateral movement — service account hits many hosts in minutes
- After-hours admin login (between 02:00 and 05:00)
- Impossible travel — same user logs in from two countries minutes apart
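
Two of the patterns above (brute force against `admin`, and impossible travel) written as detection queries. This is an added example, not part of the lab: the `events` table, its columns, the sample rows, the thresholds (5 failures, 30 minutes) and the 10.0.0.0/8 internal range are assumptions, and the syntax is SQLite's (`julianday`).

```sql
-- Hypothetical schema; the lab's real table and column names may differ.
CREATE TABLE events (
  ts       TEXT,  -- UTC, 'YYYY-MM-DD HH:MM:SS'
  username TEXT,
  src_ip   TEXT,
  country  TEXT,
  action   TEXT,  -- e.g. 'login'
  outcome  TEXT   -- 'success' or 'failure'
);

-- Constructed sample rows (documentation IP ranges, made-up users).
INSERT INTO events VALUES
  ('2024-01-01 09:00:05', 'admin', '203.0.113.7',  'RU', 'login', 'failure'),
  ('2024-01-01 09:00:09', 'admin', '203.0.113.7',  'RU', 'login', 'failure'),
  ('2024-01-01 09:00:14', 'admin', '203.0.113.7',  'RU', 'login', 'failure'),
  ('2024-01-01 09:00:20', 'admin', '203.0.113.7',  'RU', 'login', 'failure'),
  ('2024-01-01 09:00:27', 'admin', '203.0.113.7',  'RU', 'login', 'failure'),
  ('2024-01-01 09:30:00', 'admin', '10.0.0.5',     'FR', 'login', 'failure'),
  ('2024-01-01 10:00:00', 'alice', '198.51.100.4', 'FR', 'login', 'success'),
  ('2024-01-01 10:12:00', 'alice', '192.0.2.88',   'BR', 'login', 'success'),
  ('2024-01-01 11:00:00', 'bob',   '198.51.100.9', 'FR', 'login', 'success'),
  ('2024-01-01 11:05:00', 'bob',   '198.51.100.9', 'FR', 'login', 'success');

-- Brute force: many failed admin logins from one external source IP.
SELECT src_ip, COUNT(*) AS failures, MIN(ts) AS first_seen, MAX(ts) AS last_seen
FROM events
WHERE action = 'login' AND outcome = 'failure' AND username = 'admin'
  AND src_ip NOT LIKE '10.%'        -- assumed internal range, excluded
GROUP BY src_ip
HAVING COUNT(*) >= 5                -- assumed threshold
ORDER BY failures DESC;

-- Impossible travel: same user, successful logins from two different
-- countries within 30 minutes (assumed window).
SELECT a.username,
       a.ts AS first_login,  a.country AS first_country,
       b.ts AS second_login, b.country AS second_country
FROM events AS a
JOIN events AS b
  ON  b.username = a.username
  AND b.country <> a.country
  AND b.ts > a.ts
  AND (julianday(b.ts) - julianday(a.ts)) * 1440 <= 30
WHERE a.action = 'login' AND a.outcome = 'success'
  AND b.action = 'login' AND b.outcome = 'success';
```

The single internal failure and the same-country logins by `bob` are there to show what each filter is expected to leave out.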