Incident Response and the ATT&CK Matrix 2020 CTF

With @sambowne, @djhardb, @KaitlynGuru, and @infosecirvin.

Scoreboard · Submit Flags

       

Archived Videos

DEF CON 28, 2020
CircleCityCon 2020
GRAYHAT 2020

Archived Scores

May 18, 2021
DEF CON 28
HOPE 2020
Cyber June'Gle 2020
CircleCityCon 2020
Oct 27, 2020
Aug 9, 2020
GRAYHAT 2020
July 11, 2021

Splunk Boss of the SOC

BOTSv1: Threat Hunting with Splunk  325

ATT&CK Matrix v9

Reference: ATT&CK Matrix v9 for Enterprise
ATT 1: ATT&CK Tactics  10
ATT 2: ATT&CK Techniques for Tactics 43, 42, & 1‑3  10
ATT 3: ATT&CK v9 Techniques for Tactics 4-6  10
ATT 4: ATT&CK v9 Techniques for Tactics 7-9  10
ATT 5: ATT&CK v9 Techniques for Tactics 11, 10, and 40  10
ATT 6: ATT&CK v9 Groups  10
ATT 7: ATT&CK v9 Navigator  10
ATT 100: Caldera  25+
ATT 101: Caldera Operation  15

Defending Linux Servers

ED 200: Google Cloud Linux Server  15
IR 201: Splunk & Suricata  45
IR 202: Metasploit & Drupalgeddon  85
IR 308: osquery  15

Prepare a Windows Server
Do One of These

H 220: Windows Virtual Machine  15
H 221: Google Cloud Windows Server  10

Defending Windows

IR 301: Installing Splunk on a Windows Server  15
IR 330: Detecting Ransomware with Splunk and Sysmon  20
IR 303: Capturing a RAM from a Process  15
IR 304: VirusTotal & Wireshark  35
IR 305: PacketTotal  45
IR 306: Yara  40
IR 307: Prefetch Forensics  15
IR 350: Zeek Interactive Tutorial  59
IR 351: Installing and Using Zeek  25
IR 370: Velociraptor  30
IR 371: Velociraptor (under development)  30
IR 372: Velociraptor (under development)  30

Basics

H 101 - 104: Binary Games  20
LJ: Linux Journey  83
B: Bandit Challenges  230
U-Cen and U-Cyb: PowerShell  75
Linux Unhatched: Free Course  
ICSI | Certified Penetration Tester: Free Course  

Metasploit

H 310: Metasploit v. ActiveMQ  20
H 311: Adding a Custom Exploit to Metasploit  15
H 312: Writing a Custom Metasploit Module  25
H 320: Creating a Trojan with Metasploit  15

Networking

H 410: Nmap  40
H 420: Wireshark  110
H 430: Scapy  20

Posted 6-12-2020
IR 340 added 6-19-2020
IR 350 added 6-21-2020
IR 351 added 6-26-2020
Updated for GRAYHAT, IR 340 removed 10-27-20
Scores archived and cleared 3-18-21
IR 370 added 5-7-2021
Updating ATT&CK to v9 started 7-7-2021