Full-Stack Incident Response for CCSF

Submitting Projects

CCSF students must do these things to get credit:

  • Perform the project steps until you find a flag
  • Capture a whole-desktop image showing the flag
  • Outline or highlight the flag in the image
  • Submit the image in the appropriate Project in Canvas
  • Type the flag into the text field

Splunk Boss of the SOC

BOTSv1: Threat Hunting with Splunk  325

ATT&CK Matrix v9

Reference: ATT&CK Matrix v9 for Enterprise
ATT 1: ATT&CK Tactics  10
ATT 2: ATT&CK Techniques for Tactics 43, 42, & 1‑3  10
ATT 3: ATT&CK v9 Techniques for Tactics 4-6  10
ATT 4: ATT&CK v9 Techniques for Tactics 7-9  10
ATT 5: ATT&CK v9 Techniques for Tactics 11, 10, and 40  10
ATT 6: ATT&CK v9 Groups  10
ATT 7: ATT&CK v9 Navigator  10 extra

Windows and Linux Machines

IR 100: Windows and Linux Machines20

Threat Intelligence

IR 380: STIX Threat Intelligence35 extra
IR 381: TAXII15 extra
IR 382: Cabby40 extra
IR 383: Squid30 extra

Velociraptor

IR 371: Velociraptor Server on Linux  20 + 5 extra
IR 372: Investigating a PUP with Velociraptor  25 + 15 extra
IR 373: Investigating a Bot with Velociraptor  25 + 25 extra
IR 374: Investigating a Two-Stage RAT with Velociraptor  35 extra
IR 370: Installing Velociraptor on Windows  30 extra

Zeek

IR 350: Zeek Interactive Tutorial  15 + 44 extra
IR 351: Installing and Using Zeek  25 extra

Defending Windows

IR 301: Installing Splunk on a Windows Server  15 extra
IR 330: Detecting Ransomware with Splunk and Sysmon  20 extra
IR 303: Capturing RAM from a Process  15 extra
IR 304: VirusTotal & Wireshark  35 extra
IR 305: PacketTotal  45 extra
IR 306: Yara  40 extra
IR 307: Prefetch Forensics  15 extra

ATT 100: Caldera  25 extra
ATT 101: Caldera Operation  15 extra

Defending Linux Servers

ED 200: Google Cloud Linux Server  15 extra
IR 201: Splunk & Suricata  45 extra
IR 202: Metasploit & Drupalgeddon  85 extra
IR 308: osquery  15 extra

Binary (Extra Credit)

H 101 - 104: Binary Games  40 extra

Command Line (Extra Credit)

Don't submit these projects in Canvas; use the scoring system below

Enter Flags · Scoreboard

LJ: Linux Journey  83 extra
B: Bandit Challenges  69 extra
U-Cen and U-Cyb: PowerShell  75 extra

Networking

H 410: Nmap  40 extra
H 420: Wireshark  110 extra
H 430: Scapy  20 extra

Making Your Own Windows VM
Optional

Recommended
    PMA 41: Windows 10 with Analysis Tools
20 extra
Not Recommended
    PMA 40: FLARE-VM
20 extra
Alternative Local System
    H 2: Windows 2016 Server Virtual Machine
15 extra
Best Cloud System
    PMA 60: Windows 10 on Azure Cloud
15 extra
Alternate Cloud System
    PMA 30: Windows 2016 Server on Google Cloud
15 extra

Virtual Machine Resources

Practical Malware Analysis Samples

Hypervisors

VMware Player (for Windows hosts, free)
VMware Fusion (for Mac hosts, 30-day trial)
VirtualBox (free for all platforms)

Updated 9-9-2021
IR 374 added 9-30-21
IR 380 added 10-7-21
IR 381 & 382 added 10-14-21