EXH-017 | 2020 | Fictional reconstruction
tmsh Exit Code 0
July 2020. CVE-2020-5902 drops: unauthenticated attackers can run arbitrary commands through the Traffic Management User Interface. Your SOC ships a block rule at 03:00 local, already late.
Type: Modern / Cloud
Difficulty: Intermediate
Era: 2020s
Time: 8 min
Briefing
No BIG-IP binary lives here, only text proxies. Prove you can spot the path-normalisation tricks that public write-ups called out.
Your role
SOC analyst replaying vendor IOC guidance after missing the first twelve hours of scanning.
Objective
Correlate the advisory snippet with suspicious requests in a stub access log.
Terminal environment
- user: soc
- host: dmz-monitor
- cwd: /var/log/f5-tabletop
- steps: 3
Safety note. This is a safe reconstruction. All systems, files, hosts, credentials, and outputs are simulated. Do not use these techniques on systems you do not own or have explicit permission to test.