Blue Team CTFs

(BTLO/Investigation) - Phishy v1

You have been sent a phishing link. Sadly the threat actor doesn’t know who they were dealing with. From only one phishing link find out all you can about the person responsible and bring them to j...

(BTLO/Challenge) - The Planet's Prestige / Email Analysis

It’s all about an Email Analysis with a small CTF-y part. CTF is hosted on https://blueteamlabs.online/ Scenario CoCanDa, a planet known as ‘The Heaven of the Universe’ has been havi...

(BTLO/Challenge) - Suspicious USB Stick

One of our clients informed us they recently suffered an employee data breach…can you check the contents on the USB drive? CTF is hosted on https://blueteamlabs.online/ Scenario O...

(BTLO/Challenge) - Network Analysis - Web Shell

The SOC received an alert in their SIEM for ‘Local to Local Port Scanning’ where an internal private IP began scanning another internal system. CTF is hosted on https://blueteamlabs.online/ ...

(BTLO/Challenge) - Memory Analysis - Ransomware

The Account Executive called the SOC earlier and sounds very frustrated and angry. He stated he can’t access any files on his computer and keeps receiving a pop-up stating that his files have been ...

(BTLO/Investigation) - Total Recall

Microsoft Defender Antivirus has been there for over a decade now. It provides security against known threats until it has not been tampered with. CTF is hosted on https://blueteamlabs.online/ ...

(BTLO/Challenge) - Malicious PowerShell Analysis

Recently the networks of a large company named GothamLegend were compromised after an employee opened a phishing email containing malware. Scenario Recently the networks of a large company named...

(BTLO/Security Operations) - Defaced

After his pharmaceutical website was compromised, had the database dumped and the homepage defaced, Mike decided it was time to take security seriously and investigate what happened to prevent it i...

Miner

Our detection team reported that they received an IDS alert related to reconnaissance, but they were unable to read the traffic as it was encrypted. Pcap files and analysis tools are available on the...

(BTLO/Investigation) - Pretium

The Security Operations Center at Defense Superior are monitoring a customer’s email gateway and network traffic (Crimeson LLC). CTF is hosted on https://blueteamlabs.online/ Scenario ...

(BTLO/Investigation) - Bad Logic

During standard servicing & patching of our server the sysadmins were denied access to their Administrator account. CTF is hosted on https://blueteamlabs.online/ Scenario Duri...