easy | LOG FORENSICS

Silent Channel

Your SOC team has detected unusual DNS traffic originating from a single internal workstation. A raw DNS query log has b…

100 pts
medium | LOG FORENSICS

Phantom Heartbeat

A corporate HTTP proxy captured outbound traffic from the internal network. Analysts spotted a host sending unusually re…

200 pts
hard | PACKET ANALYSIS

Ghost Protocol

A network tap captured DNS traffic from a compromised workstation. The IDS flagged abnormally high response TTL values w…

300 pts
easy | EMAIL FORENSICS

Mail Trap

An employee in the finance department received an email claiming to be from the company CFO requesting an urgent wire tr…

150 pts
medium | THREAT INTEL

Brand Impersonator

A threat intel feed captured 72 hours of suspicious domain registrations. Multiple brands are being impersonated. Identi…

250 pts