BlueTeamLabs: Defaced
In this challenge, we've been tasked with analyzing Apache logs to uncover what an attacker did before defacing the victim's website. We're given access to an ELK instance to perform our investigation.
Slingshot challenges us to investigate a compromised web server, using ELK, to discover a web-based attack. We're tasked with determining vulnerability exploitation, account compromise, and data exfiltration.
For this challenge, we've been tasked with investigating a disk image to find evidence of a gang's planned attack. We'll use Autopsy and ThumbCache Viewer to uncover the gang's plans and target.
For this challenge, we've been tasked with migrating systems to use the nftables firewall. We will need to enable the service, configure the rules, and enable logging on the Domain Controller.
For this challenge, we'll be using Wireshark to investigate whether an endpoint has been compromised, determine the types of scans conducted and which ports were open, and identify login attempts.
In this challenge we will be analyzing Sysmon Logs and a PCAP to uncover the actions taken by a threat actor throughout several stages of the Cyber Kill Chain.
In this NICE challenge, we're tasked with creating OUs, assigning various permissions and GPOs, and configuring basic ACLs on a Linux fileshare.
PDFURI tasks us with performing disk forensics and analyzing artifacts with various tools, such as FTK Imager, Event Viewer, PDFStreamDumper, and DB Browser.
In this challenge, we'll be analyzing a pcap to identify various attacks against a webserver.
We've been tasked with analyzing the memory capture of a compromised device to find various IOCs and pieces of evidence, including the attacker's reverse shell, IP address, and location.