Incident Response and the ATT&CK Matrix 2020 CTF
With @sambowne, @djhardb, @KaitlynGuru, and @infosecirvin.
Archived Videos: DEF CON 28, 2020; CircleCityCon 2020; GRAYHAT 2020
Archived Scores: May 18, 2021; DEF CON 28; HOPE 2020; Cyber June'Gle 2020; CircleCityCon 2020; Oct 27, 2020; Aug 9, 2020; GRAYHAT 2020; July 11, 2021
Splunk Boss of the SOC
BOTSv1: Threat Hunting with Splunk (325 points)
ATT&CK Matrix v9
Reference: ATT&CK Matrix v9 for Enterprise
ATT 1: ATT&CK Tactics (10 points)
ATT 2: ATT&CK Techniques for Tactics 43, 42, & 1-3 (10 points)
ATT 3: ATT&CK v9 Techniques for Tactics 4-6 (10 points)
ATT 4: ATT&CK v9 Techniques for Tactics 7-9 (10 points)
ATT 5: ATT&CK v9 Techniques for Tactics 11, 10, and 40 (10 points)
ATT 6: ATT&CK v9 Groups (10 points)
ATT 7: ATT&CK v9 Navigator (10 points)
ATT 100: Caldera (25+ points)
ATT 101: Caldera Operation (15 points)
Defending Linux Servers
ED 200: Google Cloud Linux Server (15 points)
IR 201: Splunk & Suricata (45 points)
IR 202: Metasploit & Drupalgeddon (85 points)
IR 308: osquery (15 points)
Prepare a Windows Server (do one of these)
H 220: Windows Virtual Machine (15 points)
H 221: Google Cloud Windows Server (10 points)
Defending Windows
IR 301: Installing Splunk on a Windows Server (15 points)
IR 330: Detecting Ransomware with Splunk and Sysmon (20 points)
IR 303: Capturing RAM from a Process (15 points)
IR 304: VirusTotal & Wireshark (35 points)
IR 305: PacketTotal (45 points)
IR 306: Yara (40 points)
IR 307: Prefetch Forensics (15 points)
IR 350: Zeek Interactive Tutorial (59 points)
IR 351: Installing and Using Zeek (25 points)
IR 370: Velociraptor (30 points)
IR 371: Velociraptor (under development) (30 points)
IR 372: Velociraptor (under development) (30 points)
Basics
H 101 - 104: Binary Games (20 points)
LJ: Linux Journey (83 points)
B: Bandit Challenges (230 points)
U-Cen and U-Cyb: PowerShell (75 points)
Linux Unhatched: Free Course
ICSI | Certified Penetration Tester: Free Course
Metasploit
H 310: Metasploit v. ActiveMQ (20 points)
H 311: Adding a Custom Exploit to Metasploit (15 points)
H 312: Writing a Custom Metasploit Module (25 points)
H 320: Creating a Trojan with Metasploit (15 points)
Networking
H 410: Nmap (40 points)
H 420: Wireshark (110 points)
H 430: Scapy (20 points)
Posted 6-12-2020
IR 340 added 6-19-2020
IR 350 added 6-21-2020
IR 351 added 6-26-2020
Updated for GRAYHAT, IR 340 removed 10-27-20
Scores archived and cleared 3-18-21
IR 370 added 5-7-2021
Updating ATT&CK to v9 started 7-7-2021