Unauthorized Access

Start a security investigation after some suspicious activity was detected.

Ready to take the Challenge?

Read the challenge description above carefully. When you understand the prompt and feel ready to try the challenge, click the "Begin Challenge" button to start.

Feeling Ready?
Begin Challenge

Challenge Description

Your team detected unauthorized access to employee-only resources at 01:04 a.m. server time on May 18th. Start searching!

The data linked in this challenge is meant to be used with the Elastic Security console as part of the MLH Localhost Introduction to Threat Hunting with Elastic module.


In this challenge, we'll ask you to locate a hidden "flag". To find it, you'll need to utilize your problem solving abilities and maybe a bit of code. The flag looks like: flag{some_text_here}. When you find it, you'll need to paste the whole flag in the text box in the header of this page.

This challenge is timed, so read the instructions below carefully before you begin!