Elastic CTF v3!
Ready to hunt, discover, and conquer?
Welcome to the Hunt
This CTF environment consists of two components: a scoring platform (CTFd) where you'll submit your answers and an Elastic cluster (Instruqt) where all the investigation data lives. As you progress through 30 challenges across three realistic attack scenarios, you'll need to utilize both components to succeed.
CTFd - Scoring Platform
To begin: Please click on the 'register' button in the top right-hand corner of this page.
You don't have to use your real name or email address, but if you don't, we may not be able to share any prizes with you!
Instruqt - Elastic Cluster
Access the Elastic environment where all the investigation data lives (the URL will be shared by your CTF Host). It may take a few minutes for the environment to fully spin up.
Attack Scenarios
Your investigation skills will be tested across three realistic attack scenarios, each with increasing complexity:
Scenario 1: Excel Extortion
Investigate a malicious macro attack that started with a seemingly innocent spreadsheet. Track the attacker's movements and uncover their techniques to gain initial access.
Scenario 2: Credential Theft
A sophisticated supply chain attack has compromised user credentials. Follow the breadcrumbs to understand how the attackers gained persistence and what data they accessed.
Scenario 3: Ransomware
The most challenging scenario involves a ransomware attack. Analyze the attack chain from initial compromise to encryption, and identify potential recovery options.
Elastic UI Orientation
Here's a quick orientation to help you navigate the Elastic interface:
- This information pane can be resized; feel free to make it smaller once you've digested the information.
- Within the Elastic UI you can right-click on a link to open it in a new browser tab, which gives you more screen real estate if you're on a small screen.
- There is a time range selector at the top right of the Elastic UI. At the start of each section we'll tell you which time range to use. Make sure it is set correctly before you start searching, or your queries will return no results.
- Many items will have "+" or "-" icons when you hover to filter in/out.
- Filters are shown at the top under the query bar and persist, so remember to remove filters you no longer need.
- If you copy and paste an answer into CTFd, check for leading or trailing whitespace and remove it. All challenge answers are case insensitive.
- You will spend most of your time in the Security App; if you find yourself elsewhere, you are probably lost!
- Remember Elastic docs and blogs are all online, so try "site:elastic.co [search term]" in Google if you need help.
Quick Video Walkthrough
For a visual overview of the challenges ahead, check out this brief introduction:
Watch: CTF Environment Walkthrough
Challenge Structure
This CTF features 30 sequential challenges that progressively increase in difficulty as you work through the scenarios:
Challenge Progression
- Excel Extortion - introductory level
- Credential Theft - moderate complexity
- Ransomware - highest difficulty
Scoring Information
- All 30 challenges are worth 10 points each
- Every challenge has a hint available
- Using a hint costs 5 points
- You can make unlimited guesses without penalty
- Total possible score: 300 points (if no hints used)
Ready to Begin?
Register on CTFd, explore the Elastic environment, and start hunting! Remember to work systematically and document your findings as you go.
Good luck and happy hunting!