Incident Response CTF

Submit Flags · Scoreboard · Details

FortiGate Operator

IR 410: FortiGate 7.6 Operator  45 pts + 165 extra

Windows and Linux Machines

IR 100: Windows and Linux Machines20

Velociraptor

IR 371: Velociraptor Server on Linux  20 + 5 extra
IR 372: Investigating a PUP with Velociraptor  25 + 15 extra
IR 373: Investigating a Bot with Velociraptor  50 extra
IR 374: Investigating a Two-Stage RAT with Velociraptor  35 extra
IR 370: Installing Velociraptor on Windows  30 extra

Zeek

IR 350: Zeek Interactive Tutorial  15 + 44 extra
IR 351: Installing and Using Zeek  25 extra

Defenses

IR 400: Network Discovery with runZero  10
H 241: Tailscale VPN  15 extra
H 242: Cloudflare WARP  10 extra
H 243: HAproxy Scrubber  10 extra

Splunk Boss of the SOC

BOTSv1: Threat Hunting with Splunk  80 pts + 245 extra

Vulnerability Scanning

IR 312: Vulnerability Scanning with Nuclei  45 extra

Defending Windows

IR 301: Installing Splunk on a Windows Server  15 extra
IR 330: Detecting Ransomware with Splunk and Sysmon  20 extra
IR 303: Capturing RAM from a Process  15 extra
IR 304: VirusTotal & Wireshark  35 extra
IR 305: PacketTotal  45 extra
IR 306: Yara  40 extra
IR 307: Prefetch Forensics  15 extra

Defending Linux Servers

ED 200: Google Cloud Linux Server  15 extra
IR 201: Splunk & Suricata  45 extra
IR 202: Metasploit & Drupalgeddon  85 extra
IR 308: osquery  15 extra

Binary (Extra Credit)

H 101 - 104: Binary Games  40 extra

Networking

H 410: Nmap  40 extra
H 420: Wireshark  110 extra
H 430: Scapy  20 extra

Making Your Own Windows VM
Optional

Recommended
    PMA 41: Windows 10 with Analysis Tools		20 extra
Not Recommended
    PMA 40: FLARE-VM		20 extra
Alternative Local System
    H 2: Windows 2016 Server Virtual Machine		15 extra
Best Cloud System
    PMA 60: Windows 10 on Azure Cloud		15 extra
Alternate Cloud System
    PMA 30: Windows 2016 Server on Google Cloud		15 extra

Virtual Machine Resources

Practical Malware Analysis Samples

Hypervisors

VMware Player (for Windows hosts, free)
VMware Fusion (for Mac hosts, 30-day trial)
VirtualBox (free for all platforms)

Prepared for Fall 2026 5-5-26