Tackling another LetsDefend challenge, this time the medium-difficulty "Silent Update" challenge. We are given a compressed UAC (Unix-like Artifacts Collector) capture of an Ubuntu server to analyze and 17 questions to answer.
"A public Ubuntu server shows a burst of SSH failures against user `devops` followed by a successful login. Soon after, a hidden binary appears and a new systemd service/timer begins executing it on a schedule. Your job is to confirm the intrusion timeline and persistence using the provided artifacts."
NOTES:
https://github.com/tclahr/uac/blob/main/README.md
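The scenario above describes two things an analyst has to pull out of the collected artifacts: a burst of failed SSH logins for one user followed by a success, and a systemd unit that runs a hidden binary. The script below is an added example written for this write-up; it is not part of the challenge, the UAC project, or the LetsDefend materials. It parses constructed `auth.log`-style lines (standard Ubuntu sshd format, documentation-range IPs, an assumed year since syslog timestamps carry none) and a constructed service unit, reports every accepted login preceded by at least `min_failures` failures from the same source within `window`, and flags any `ExecStart` whose path contains a dot-prefixed component. The log content, unit content, function names and thresholds are all assumptions made for illustration.

```python
"""Added example (not from the write-up or the UAC project): reconstruct a
brute-force-then-success SSH timeline from auth.log lines and flag systemd
units whose ExecStart points at a hidden (dot-prefixed) path."""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample lines in Ubuntu /var/log/auth.log format. The IPs are
# from documentation ranges; nothing here comes from the challenge capture.
SAMPLE_AUTH_LOG = """\
Mar 10 14:02:01 ubuntu sshd[1201]: Failed password for devops from 203.0.113.5 port 51234 ssh2
Mar 10 14:02:03 ubuntu sshd[1203]: Failed password for devops from 203.0.113.5 port 51236 ssh2
Mar 10 14:02:05 ubuntu sshd[1205]: Failed password for devops from 203.0.113.5 port 51238 ssh2
Mar 10 14:02:07 ubuntu sshd[1207]: Failed password for devops from 203.0.113.5 port 51240 ssh2
Mar 10 14:02:09 ubuntu sshd[1209]: Failed password for devops from 203.0.113.5 port 51242 ssh2
Mar 10 14:02:12 ubuntu sshd[1211]: Accepted password for devops from 203.0.113.5 port 51244 ssh2
Mar 10 14:30:00 ubuntu sshd[1300]: Accepted publickey for admin from 198.51.100.7 port 40000 ssh2
"""

# Constructed sample unit, modelled only on the scenario text (hidden binary
# run by a service); the path and name are invented for the example.
SAMPLE_SERVICE_UNIT = """\
[Unit]
Description=Silent update helper

[Service]
Type=oneshot
ExecStart=/usr/local/lib/.cache/updater --quiet
"""

# Matches both "Failed password for devops ..." and "Accepted publickey for ..."
# as well as the "invalid user" variant sshd logs for unknown accounts.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)
EXEC_RE = re.compile(r"^ExecStart=(?P<cmd>.+)$", re.MULTILINE)


@dataclass
class SshEvent:
    when: datetime
    accepted: bool
    user: str
    ip: str


def parse_auth_log(text: str, year: int) -> list[SshEvent]:
    """Syslog timestamps have no year, so the caller supplies one (assumption)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an sshd authentication result; ignore
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append(SshEvent(when, m["result"] == "Accepted", m["user"], m["ip"]))
    return events


def find_bruteforce_then_success(events, min_failures=5, window=timedelta(minutes=10)):
    """For each accepted login, count failures for the same user and source IP
    in the `window` before it; return one finding per success that qualifies."""
    findings = []
    for ev in events:
        if not ev.accepted:
            continue
        prior = [f for f in events
                 if not f.accepted and f.user == ev.user and f.ip == ev.ip
                 and ev.when - window <= f.when < ev.when]
        if len(prior) >= min_failures:
            findings.append({
                "user": ev.user, "ip": ev.ip, "failures": len(prior),
                "first_failure": prior[0].when, "success": ev.when,
            })
    return findings


def hidden_exec_paths(unit_text: str) -> list[str]:
    """Return ExecStart binaries whose path has a dot-prefixed component."""
    hits = []
    for m in EXEC_RE.finditer(unit_text):
        # systemd allows prefix characters such as "-" or "@" before the path.
        binary = m["cmd"].split()[0].lstrip("-@:+!")
        if any(part.startswith(".") for part in binary.split("/") if part):
            hits.append(binary)
    return hits


if __name__ == "__main__":
    for hit in find_bruteforce_then_success(parse_auth_log(SAMPLE_AUTH_LOG, 2024)):
        print(f"{hit['user']}@{hit['ip']}: {hit['failures']} failures from "
              f"{hit['first_failure']} then success at {hit['success']}")
    for path in hidden_exec_paths(SAMPLE_SERVICE_UNIT):
        print(f"service runs hidden binary: {path}")
```

Against a real UAC capture the same functions would be pointed at the collected `var/log/auth.log*` files and the unit files under `etc/systemd/system/`; the timer that schedules the service shows up as a sibling `.timer` unit referencing the same name, so the `first_failure` and `success` timestamps from the log can be lined up with the unit files' modification times to build the timeline the challenge asks for.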