Incident Response

Submit Flags · Scoreboard

FortiGate Operator

IR 410: FortiGate 7.6 Operator  45 pts + 165 extra

ATT&CK and OWASP

Extra Credit Quizzes Cover These Topics:
(Under development)

ATT&CK Enterprise Matrix v19
OWASP Top Ten Web Application Security Risks (2025)
OWASP Mobile Top Ten (2024)
OWASP API Top Ten (2023)
OWASP Top 10 for LLM Applications (2025)
Top 10 Agentic AI Security Risks (2025)

Windows and Linux Machines

IR 100: Windows and Linux Machines  20

Velociraptor

IR 371: Velociraptor Server on Linux  20 + 5 extra
IR 372: Investigating a PUP with Velociraptor  25 + 15 extra
IR 373: Investigating a Bot with Velociraptor  50 extra
IR 374: Investigating a Two-Stage RAT with Velociraptor  35 extra
IR 370: Installing Velociraptor on Windows  30 extra

Zeek

IR 350: Zeek Interactive Tutorial  15 + 44 extra
IR 351: Installing and Using Zeek  25 extra

Defenses

IR 400: Network Discovery with runZero  10
H 241: Tailscale VPN  15 extra
H 242: Cloudflare WARP  10 extra
H 243: HAproxy Scrubber  10 extra

Splunk Boss of the SOC

BOTSv1: Threat Hunting with Splunk  80 pts + 245 extra

Vulnerability Scanning

IR 312: Vulnerability Scanning with Nuclei  45 extra

Defending Windows

IR 301: Installing Splunk on a Windows Server  15 extra
IR 330: Detecting Ransomware with Splunk and Sysmon  20 extra
IR 303: Capturing RAM from a Process  15 extra
IR 304: VirusTotal & Wireshark  35 extra
IR 305: PacketTotal  45 extra
IR 306: Yara  40 extra
IR 307: Prefetch Forensics  15 extra

Defending Linux Servers

ED 200: Google Cloud Linux Server  15 extra
IR 201: Splunk & Suricata  45 extra
IR 202: Metasploit & Drupalgeddon  85 extra
IR 308: osquery  15 extra

Binary (Extra Credit)

H 101 - 104: Binary Games  40 extra

Networking

H 410: Nmap  40 extra
H 420: Wireshark  110 extra
H 430: Scapy  20 extra

Making Your Own Windows VM
Optional

Recommended
    PMA 41: Windows 10 with Analysis Tools  20 extra
Not Recommended
    PMA 40: FLARE-VM  20 extra
Alternative Local System
    H 2: Windows 2016 Server Virtual Machine  15 extra
Best Cloud System
    PMA 60: Windows 10 on Azure Cloud  15 extra
Alternate Cloud System
    PMA 30: Windows 2016 Server on Google Cloud  15 extra

Virtual Machine Resources

Practical Malware Analysis Samples

Hypervisors

VMware Player (for Windows hosts, free)
VMware Fusion (for Mac hosts, 30-day trial)
VirtualBox (free for all platforms)

Scores archived 8-20-25
Scores archived 4-22-26

IR 312 changed to extra credit 8-27-25
H 241 and H 242 added 10-31-25
H 243 added 11-1-25
Threat Intel section moved to bottom and labeled "Not Recommended" 11-17-25
Scoreboard archived and updated for Fall 2026 on 4-22-26
IR 410 added 4-29-26
Significant updates 5-4-26
ATT&CK and OWASP added 5-18-26
Switched to new scoring system 5-20-26