The Open University
Compromised Windows Server 2022 (simulation)

dataset
posted on 2024-06-24, 13:40 authored by Benjamin Donnachie, Patrick Wong, Ian Kennedy, Adrian Hopgood

Simulated network intrusion as part of research to develop artificial intelligence / machine learning for post-breach triage. All information contained within the image (including but not limited to usernames and IP addresses) is synthetic.

Simulated UK-based small office network running from Sept 2023 to Feb 2024. The administrator opened RDP to facilitate working from home. As part of the scenario, on 12th Feb 2024 it was discovered that the server was no longer responding, with 'Red Petya' ransomware displayed on the screen. Forensic experts were engaged, the disk was decrypted and a forensic image was taken in EnCase E01 format (also known as Expert Witness Format).

Many thanks to my PhD supervisors, Prof Adrian Hopgood, Dr Patrick Wong and Dr Ian Kennedy. Thanks also to CMU Ghosts, VirtualBox, generatedata.com, Kali Linux, GreyNoise.io and many more.

For further information, see the README.TXT file. To request ground truth for research purposes, please contact Benjamin Donnachie using benjamin.donnachie@open.ac.uk

Research Group

  • Centre for Research in Computing (CRC)

    Faculty of Science, Technology, Engineering and Mathematics (STEM)
