Incident Response AT DEF CON Trainings 2025

Scoreboard · Submit Flags · Details

Splunk Boss of the SOC

BOTSv1: Threat Hunting with Splunk  325

ATT&CK Matrix v9

Reference: ATT&CK Matrix v9 for Enterprise
ATT 1: ATT&CK Tactics  10
ATT 2: ATT&CK Techniques for Tactics 43, 42, & 1‑3  10
ATT 3: ATT&CK v9 Techniques for Tactics 4-6  10
ATT 4: ATT&CK v9 Techniques for Tactics 7-9  10
ATT 5: ATT&CK v9 Techniques for Tactics 11, 10, and 40  10
ATT 6: ATT&CK v9 Groups  10
ATT 7: ATT&CK v9 Navigator  10 extra
OT 130: MITRE ATT&CK Matrix for ICS  25 extra

Windows and Linux Machines

IR 100: Windows and Linux Machines20

Threat Intelligence

IR 380: STIX Threat Intelligence35 extra
IR 381: TAXII15 extra
IR 382: Cabby40 extra
IR 383: Squid30 extra

Velociraptor

IR 371: Velociraptor Server on Linux  20 + 5 extra
IR 372: Investigating a PUP with Velociraptor  25 + 15 extra
IR 373: Investigating a Bot with Velociraptor  50 extra
IR 374: Investigating a Two-Stage RAT with Velociraptor  35 extra
IR 370: Installing Velociraptor on Windows  30 extra

Zeek

IR 350: Zeek Interactive Tutorial  15 + 44 extra
IR 351: Installing and Using Zeek  25 extra

Defending Windows

IR 301: Installing Splunk on a Windows Server  15 extra
IR 330: Detecting Ransomware with Splunk and Sysmon  20 extra
IR 303: Capturing RAM from a Process  15 extra
IR 304: VirusTotal & Wireshark  35 extra
IR 306: Yara  40 extra
IR 307: Prefetch Forensics  15 extra

ATT 100: Caldera  25 extra
ATT 101: Caldera Operation  15 extra

Defending Linux Servers

ED 200: Google Cloud Linux Server  15 extra
IR 201: Splunk & Suricata  45 extra
IR 202: Metasploit & Drupalgeddon  85 extra
IR 308: osquery  15 extra

Virtual Machine Resources

Practical Malware Analysis Samples

Hypervisors

VMware Player (for Windows hosts, free)
VMware Fusion (for Mac hosts, 30-day trial)
VirtualBox (free for all platforms)

Posted 8-4-25