Agent, congratulations your actions on Operation Castle Ivy saved lives, but we are yet to see the full damage that will be caused by the leak, we debriefed the German authorities on the extent of situations and they agreed to co-operate, you will have to look at the German police report and infiltrate any third-party connected to Dr. Ripper and raid their networks and all internal databases.

This Operation contains 4 missions, each with one part.

This guide is meant to be used as a resource and will contain hints in order to help you solve the missions, but it will not contain the actual answers.

If at any time you feel like you need more help please go to either the discussion board or the Discord channel[discord.gg] and there will be fellow agents happy to help you.


The missions and parts are the following:

1. Operation Dark Sentinel - Chapter 1 ( DSL.01 )
   
2. Operation Dark Sentinel - Chapter 2 ( DSL.02 )
   
3. Operation Dark Sentinel - Chapter 3 ( DSL.03 )
   
4. Operation Dark Sentinel - Chapter 4 ( DSL.04 )

The German police report has been uploaded to your local hard drive, your objective is to review all the Intel, infiltrate any third-party connected to Dr. Ripper and raid all their networks and internal databases. Good luck agent.

• Hint 1 – This is as easy as following instructions.
  
  
• Hint 2 – You should check around your folders, the Intel documents are probably in the Nite Team 4 folder since they are related.
  
  
• Hint 3 – In the middle of all that Intel you should find a useful thing.
  
  
• Hint 4 – Maybe there is a domain that you can use in the middle of that Intel
  
  
• Hint 5 – That business card looks promising.
  
  
• Hint 6 – Well, you got a domain name and you know they have a email.
  
  
• Hint 7 – SET Information Gathering tools aside, you've got a great toolkit elsewhere.
  
  
• Hint 8 – You should scan and dig around the network.
  
  
• Hint 9 – Maybe WMI will find something vulnerable.
  
  
• Hint 10 – The "dig" command can be used to index all the ports and technologies of a WMI path.
  
  
• Hint 11 – Searchsploit is always useful when you come by a new technology.
  
  
• Hint 12 – In your localhost there was a property deed connected to someone, maybe if you combine that name with the Kruger ERP Database entity.
  
  
• Hint 13 – Now that you have the rental agreement, you can find a new person, maybe if you combine their name with the Dan Friedel entity you'll find something.
  
  
• Hint 14 – You have found a guest list, make sure to try every name on that list with the representative and the Kruger ERP database and check every document.

The house rental company you found looks promising, it's connected to four other connections and it may lead us to Dr. Ripper's identity, you will gain access to all German civilian and government databases so you can start mapping out the company's connections. Your objectives are to cross-reference Intel with XKeyscore, find and infiltrate any network connected to the rental company and look for external links and other third parties in said networks.

• Hint 1 – This is as easy as following instructions.
  
  
• Hint 2 – You need to use the people from the guest list and a certain German service to discover what company they work for.
  
  
• Hint 3 – Maybe the cab transport will work? Since the people need to get to their work.
  
  
• Hint 4 – Now that you have got the companies as entities, you need to find a way to discover their domains.
  
  
• Hint 5 – Maybe another German service will help.
  
  
• Hint 6 – Companies need to pay taxes.
  
  
• Hint 7 – The German tax database may keep records of payment of each company.
  
  
• Hint 8 – For HookShot, InsuraDebt and Null-Byte you should take a normal approach remember the academy and how to find a vulnerable subdomain.
  
  
• Hint 9 – Sfuzzer and Osintscan should do the trick, they are the easiest way to find a vulnerable subdomain.
  
  
• Hint 10 – With Novelty Publishing you need to be more creative, try to exploit a different kind of weakness.
  
  
• Hint 11 – SET Information Gathering tools aside, you've got a great toolkit elsewhere.
  
  
• Hint 12 – You need to find a external third party, remember it has to be external.
  
  
• Hint 13 – What tool could you use to check external connections, such as packets?
  
  
• Hint 14 – You just need to look for a middleman to find the third party.
  
  Note : There are 4 possible companies you can find through XKeyscore.

Thanks to your work, we have a much stronger understanding of this network, the forensics team has mapped out key assets from the Intel you have gathered so far, and we have marked out 4 compromised ERPs that have been set up by the same person, this could be Dr. Ripper but we don't know yet, agent Patricia Conway tracked down the network administrator of one of the companies with the compromised ERP and got a onigru to trace his activities in the last week. Your objectives are to infiltrate HookShot Games' and find their HR Database, track down the mystery individual, confirm their involvement with another of the compromised company and continue your search on the individual until you find their identity and their role.

• Hint 1 – Dylan mentions that your localhost was updated with new Intel, you should start there.
  
  
• Hint 2 – Now that you have got his daily commute, you can find a way to infiltrate the HR Database.
  
  
• Hint 3 – What tool can you use that uses a time and day while you are connected to a certain network?
  
  
• Hint 4 – Make sure that you are connected to the right network, it's the HookShot's Administrator after all.
  
  
• Hint 5 – Remember the Network Intrusion certification, it had training on a tool that used the wifi to find multiple phones and charted them out depending on what day and time they were connected on.
  
  
• Hint 6 – Now you just need to cross-reference the Intel to find the phone.
  
  
• Hint 7 – Be sure to take a good long look at the phones content, there should be something that pops out.
  
  
• Hint 8 – Those messages look interesting.
  
  
• Hint 9 – They mention an IP that is used as a default server and there is a username and a password, I wonder where you can use that type of information.
  
  
• Hint 10 – Maybe there is a way to browse through the server's files.
  
  
• Hint 11 – Now that you have gained access to the server files, look around for our target and make sure to remember the IP of the server and the username and password.
  
  
• Hint 12 – Now we need to confirm that he was involved with at least one other company out of the ones we found through XKeyscore.
  
  
• Hint 13 – Remember that it's a default server IP, maybe the other companies haven't set up a DNS for the server so the IP should still work.
  
  
• Hint 14 – If you can't find our target in another company, try to search the others.
  
  
• Hint 15 – Now that we confirmed our suspicions we need a way to infect his network.
  
  
• Hint 16 – Some of these ID cards seem to have an interesting detail, an email.
  
  
• Hint 17 – SET Information Gathering tools aside, you've got a great toolkit elsewhere.
  
  
• Hint 18 – Don't forget you can enter an email manually.
  
  
• Hint 19 – Don't forget to scan around the network to see what you can find.
  
  
• Hint 20 – That path seems a bit strange.
  
  
• Hint 21 – Sometimes the path has the username.
  
  
• Hint 22 – Maybe you can run a password attack?
  
  
• Hint 23 – Now that you have his password, you can probably look at the files contained in that path.

Our Intel map is much clearer, Dr. Ripper infiltrated multiple companies posing as an IT consultant specializing in ERP systems, with full interior access he had all the time and resources to compromise the companies, but who is behind all these compromised assets, but most importantly, what do they do with them, we have done a background check on Human Solutions Consulting and they seem to provide IT consulting all over the world, we managed to find their recruitment process on back channels. Your objective is to access the new c2 card which is the start of the recruitment process, pass all the tests and infiltrate the organization.

• Hint 1 – This is as easy as following instructions.
  
  
• Hint 2 – Make sure to connect to the new c2 card.
  
  
• Hint 3 – Make sure to scan the contents of the network.
  
  
• Hint 4 – That directory looks like it can be used somewhere.
  
  
• Hint 5 – Maybe you can look at its contents with Active Directory.
  
  
• Hint 6 – Be sure to pay attention to the Active Directory contents.
  
  
• Hint 7 – You've got a path from WMI and a user and a password from the active directory, where can you use that?
  
  
• Hint 8 – Maybe there's a way to browse the path's files.
  
  
• Hint 9 – That image with "Level 2 Password" looks important, and what about those dots in the bottom right corner?
  
  
• Hint 10 – You've got an ASCII table and dots, I wonder why they have a space between the sequence of dots.
  
  
• Hint 11 – Maybe if you read the dots as two numbers that will help, for example ***** ** is 52.
  
  
• Hint 12 – That ASCII table seems to have a decimal table too, maybe there's a way to correlate the numbers with a letter and get a password from that.
  
  
• Hint 13 – Now that you have the password you can access level 02, hope you payed attention to that Active Directory's content.
  
  
• Hint 14 – There seems to be a image with "Level 3 Password" with weird numbers on the bottom right corner.
  
  
• Hint 15 – Maybe the first number corresponds to a certain image, so for example 15 would be 15.jpg .
  
  
• Hint 16 – There seems to be something weird in the image maybe that's what the second number is for, try looking closer.
  
  
• Hint 17 – That looks like an arrow around the sigil, maybe the second number is a cipher of sorts, maybe rotating the letters.
  
  
• Hint 18 – Now that you have gotten the level 3 password, you can access it, hope you payed attention to that Active Directory's content.
  
  
• Hint 19 – In level 3 it seems that you have a photo of Julius Caeser, a image with random gibberish and a cipher of sorts.
  
  
• Hint 20 – Maybe they are all connected and the picture that has the cipher may be the guidelines for decoding the random gibberish.
  
  
• Hint 21 – How is Caeser connected to all of this?
  
  
• Hint 22 – Now that you have gotten the level 4 password, you can access, remember the Active Directory's contents?
  
  
• Hint 23 – Now it seems the password has to do with a subdomain of sorts and an image depicting a infected network.
  
  
• Hint 24 – That simnight domain seems interesting, maybe you should check it out.
  
  
• Hint 25 – You can either do it the old fashioned way, with sfuzzer and osintscan or you can look at the photo and figure out which of the simnight subdomains is vulnerable.
  
  
• Hint 26 – Make sure to scan and dig around the network to see if you find anything.
  
  
• Hint 27 – There seems to be a path with a vulnerable subdomain.
  
  
• Hint 28 – Searchsploit is always useful when you come by a new technology.
  
  
• Hint 29 – Now that you are in the backup of simnight, make sure to scan around again, there might be something new.
  
  
• Hint 30 – That Active Directory may have some useful information.
  
  
• Hint 31 – It seems to contain a username and a path, I wonder if there's a tool that you can use to get the password.
  
  
• Hint 32 – Now that you have got the password this seems like a dead end, well you can always try this password for level 05.
  
  
• Hint 33 – Level 05's user doesn't follow the format, make sure to go back to the Active Directory in the 37alpha.onion c2 card and check what the username is.