Haystack CTF: The Hunt for IOC's

Immerse yourself in the world of Intrusion Detection in our new Blue Team game, Haystack. Your mission is to follow the trail of Indicators of Compromise (IOCs) and spot the tell-tale signs of cyber threats. It's a mix of fun, challenge, and learning - an experience you don't want to miss!

An up-and-coming hacker prodigy known as Leopold falls into debt with The League after unsuccessfully trying to hack into The League's network to exploit the nefarious group's operatives and motives. Recognizing Leopold's talent, Mal campaigns The League to compromise Leopold's ethical outlook. After successfully turning Leopold, The League puts him to work on his first mission — targeting the network of Zeta Tactical, a supplier of innovative security solutions for Tier 1 data center customers. After detecting the breach, Zeta Tactical's security leadership determines the severity and sensitivity of the attack to be greater than their defense standards. Because Leopold and The League are not asking for ransom — instead wanting the proprietary information stored in Zeta's network to help advance future attacks on additional enterprise targets — Zeta Tactical leadership contracts with SAVE, an elite gray hat hacking organization that is specially trained to assist matters of this kind.

The challenges within this CTF are intermediate-level and hints are provided via in-game chat.

Goals and Objectives

Assemble a team of 3-4 players capable of entering Zeta's network, identify all the indicators of compromise and mitigate the threat by eliminating Leopold's foothold in the network. Open Source Tools:

• Security Onion (SEIM log analysis)
• Zenmap (reconnaissance)
• Ghidra (reverse engineering)
• Burp Suite (web penetrations)

Who should attend?

Teams who need training on Blue Team tactics, SOC, IR Specialists and Infrastructure Engineers, Cyber Engineers and Cyber Architects, teams looking to level up their skill sets and build ways of working together. *Please limit one team per company.