Incident Response AT DEF CON Trainings 2025
Splunk Boss of the SOC
BOTSv1: Threat Hunting with Splunk (325 points)
ATT&CK Matrix v9
Reference: ATT&CK Matrix v9 for Enterprise
ATT 1: ATT&CK Tactics (10 points)
ATT 2: ATT&CK Techniques for Tactics 43, 42, & 1-3 (10 points)
ATT 3: ATT&CK v9 Techniques for Tactics 4-6 (10 points)
ATT 4: ATT&CK v9 Techniques for Tactics 7-9 (10 points)
ATT 5: ATT&CK v9 Techniques for Tactics 11, 10, and 40 (10 points)
ATT 6: ATT&CK v9 Groups (10 points)
ATT 7: ATT&CK v9 Navigator (10 points extra)
OT 130: MITRE ATT&CK Matrix for ICS (25 points extra)
Windows and Linux Machines
IR 100: Windows and Linux Machines (20 points)
Threat Intelligence
IR 380: STIX Threat Intelligence (35 points extra)
IR 381: TAXII (15 points extra)
IR 382: Cabby (40 points extra)
IR 383: Squid (30 points extra)
Velociraptor
IR 371: Velociraptor Server on Linux (20 points + 5 extra)
IR 372: Investigating a PUP with Velociraptor (25 points + 15 extra)
IR 373: Investigating a Bot with Velociraptor (50 points extra)
IR 374: Investigating a Two-Stage RAT with Velociraptor (35 points extra)
IR 370: Installing Velociraptor on Windows (30 points extra)
Zeek
IR 350: Zeek Interactive Tutorial (15 points + 44 extra)
IR 351: Installing and Using Zeek (25 points extra)
Defending Windows
IR 301: Installing Splunk on a Windows Server (15 points extra)
IR 330: Detecting Ransomware with Splunk and Sysmon (20 points extra)
IR 303: Capturing RAM from a Process (15 points extra)
IR 304: VirusTotal & Wireshark (35 points extra)
IR 306: Yara (40 points extra)
IR 307: Prefetch Forensics (15 points extra)
ATT 100: Caldera (25 points extra)
ATT 101: Caldera Operation (15 points extra)
Defending Linux Servers
ED 200: Google Cloud Linux Server (15 points extra)
IR 201: Splunk & Suricata (45 points extra)
IR 202: Metasploit & Drupalgeddon (85 points extra)
IR 308: osquery (15 points extra)
Virtual Machine Resources
Practical Malware Analysis Samples
Hypervisors
VMware Player (for Windows hosts, free)
VMware Fusion (for Mac hosts, 30-day trial)
VirtualBox (free for all platforms)
Posted 8-4-25