Incident Response and the ATT&CK Matrix 2020 CTF

With @sambowne, @djhardb, @KaitlynGuru, and @infosecirvin.


Final Scores from GRAYHAT 2020


Archived Scores

DEF CON 28
HOPE 2020
Cyber June'Gle 2020
CircleCityCon 2020

Oct 27, 2020
Aug 9, 2020

Archived Videos

DEF CON 28
CircleCityCon 2020

Splunk Boss of the SOC

BOTSv1: Threat Hunting with Splunk  325

Defending Linux Servers

ED 200: Google Cloud Linux Server  15
IR 201: Splunk & Suricata  45
IR 202: Metasploit & Drupalgeddon  85
IR 308: osquery  15

Prepare a Windows Server
Do One of These

H 220: Windows Virtual Machine  15
H 221: Google Cloud Windows Server  10

Defending Windows

IR 301: Installing Splunk on a Windows Server  15
IR 330: Detecting Ransomware with Splunk and Sysmon  20
IR 303: Capturing a RAM from a Process  15
IR 304: VirusTotal & Wireshark  35
IR 305: PacketTotal  45
IR 306: Yara  40
IR 307: Prefetch Forensics  15
IR 350: Zeek Interactive Tutorial  59
IR 351: Installing and Using Zeek  25

ATT&CK Matrix

Reference: ATT&CK Matrix v7 for Enterprise
ATT 1: ATT&CK Tactics  10
ATT 2: ATT&CK Techniques for Tactics 1-3  10
ATT 3: ATT&CK Techniques for Tactics 4-6  10
ATT 4: ATT&CK Techniques for Tactics 7-9  10
ATT 5: ATT&CK Techniques for Tactics 10-12  10
ATT 6: ATT&CK Groups  10
ATT 7: ATT&CK Navigator  10
ATT 100: Caldera  25+
ATT 101: Caldera Operation  15

Basics

H 101 - 104: Binary Games  20
LJ: Linux Journey  83
B: Bandit Challenges  230
U-Cen and U-Cyb: PowerShell  75
Linux Unhatched: Free Course  
ICSI | Certified Penetration Tester: Free Course  

Metasploit

H 310: Metasploit v. ActiveMQ  20
H 311: Adding a Custom Exploit to Metasploit  15
H 312: Writing a Custom Metasploit Module  25
H 320: Creating a Trojan with Metasploit  15

Networking

H 410: Nmap  40
H 420: Wireshark  110
H 430: Scapy  20

Posted 6-12-2020
IR 340 added 6-19-2020
IR 350 added 6-21-2020
IR 351 added 6-26-2020
Updated for GRAYHAT, IR 340 removed 10-27-20