How does it work?
Our Blue Team CTFs are aimed at those wanting to sharpen their skills in investigating cyber security incidents.
These challenges require you to investigate and solve cyber incidents based on semi-realistic backstories. Whether you are a DFIR or SOC analyst, Detection Engineer, a bloody Red-Teamer or just someone wanting to gain some experience and have a little bit of fun, there is something for you.
The challenges will typically involve the analysis of a triage data pack relating to a compromised host. Where possible, the challenges are built in such a way that they can be solved without the need for proprietary forensic tooling, making them accessible to most.
The majority of questions will have hints available, which should assist those not so familiar with the field in solving the challenges. Finally, the aim of SocVel is not to be first in completing the challenge (although there are some bragging rights), but rather to give as many correct answers the first time around. To encourage this, wrong answers will be automatically penalised.
Ready? Click on one of the below live challenges to get going!
#LOSPRYS DFIR CTF Challenge
Gerhardus Stephanos was about to switch on the computer that manages one of the largest model train ecosystems in the Southern Hemisphere. Just before he could, IT came running in. An apparent Ransomware incident at the company had forced them to shut down all systems. Can you help solve what happened? Gerhardus really needs them model trains up and running again...
#DIKBEK DFIR CTF Challenge
Professor Jan Vogel has spent the last 6 months developing an early detection system for the Novid Virus. But, one week before the public launch of the Metaalbekkanarie, the confidential research which was set to make the South African government billions of Randelas was published on GitHub by attackers. How could this have happened?
#POOPTORIA DFIR CTF Challenge
This is a disaster! The plant controller host at the Strikdaspoort Wastewater Treatment Plant in Pretoria was compromised, allowing attackers to switch the entire plant into backwash mode. Can you solve what happened?