Here’s a sneak peek at some of the scenarios we are featuring at CTF.
Meta scenario Maldoc pentest
This use case models an admin logging into their system, checking their private email, downloading a password-protected zip attachment, decrypting it, and opening the Word document, which then launches an encoded/obfuscated PowerShell reverse shell connecting to an AWS C2 server. The attacker then downloads additional tools from the C2 server through the reverse shell to establish persistence and move laterally to the domain controller.
Lateral machine account manipulation
In this scenario a compromised user account is used to perform a DCSync attack to harvest account information from the Domain Controller (Ultra-Codex). Follow the trail of the attack to answer the questions.
Catch the rabbit
In this scenario an on-site attacker has entered your organization’s building with a Hak5 tool and executed a hot plug payload on a workstation. Can you discover what the attacker looted?
This use case models an on-site attacker leveraging the boot payload and remote payload capabilities of a programmable hacker tool, which establishes communication with a malicious AWS C2 server, dumps credentials, and finally exfiltrates those harvested credentials.
Are You Ready?
Tuesday, June 7, 11:45 a.m., 1:30 p.m., and 3:15 p.m.
Wednesday, June 8, 11 a.m., 12:30 p.m., and 2:30 p.m.
Thursday, June 9, 11:45 a.m. and 1:30 p.m.