Elastic Capture the Flag - ASEAN - Jan 2022

25 Jan 2022

This CTF was a 1-hour competition, and there was an Introduction to Elastic Security before the competition started. I did not manage to catch the intro as I was busy, but it would have been great if I could have listened to and followed the presentation. There were 30 challenges in total, hosted on the CTFd platform. You could only proceed to the next stage by solving the given challenge, i.e. no skipping of challenges.

Using Alerts, Visualisation, Lens, Timeline, Zscaler web proxy logs, Arguments and Event Analyzer, the challenges asked participants to search for:

  • Users with specific alerts

  • Open alerts

  • Rule names

  • Most common MITRE ATT&CK ID

  • Records of certain type

  • Name of downloaded file

  • Recipient of file

  • Event dataset

  • URL domains

  • Usernames that generated alerts

  • Metadata from the Elastic Detection Rules

  • Process executed

  • Decoded file name

  • Phishing file name
