Medium difficulty challenges.


Following an increase in the usage of the Carbanak backdoor amongst attackers, you have been asked to analyse the ways in which the backdoor infiltrates a system.

***To enter you only need to complete one qualifying challenge; however, the more challenges you complete, the higher your chance of being selected.***


A third party claims to have observed communication from your network to a known Command and Control server. Use your traffic analysis skills to determine if a web server on your network has been compromised.

The scenario

You work in the security team for an Internet hosting company, offering colocation services for customers to install their own devices in your data centre.

You receive notification that, following an Interpol operation to take down a C2 server based in Eastern Europe, an IP address within a range allocated to one such customer has been observed in the C2 server’s log files.

***To enter you only need to complete one qualifying challenge; however, the more challenges you complete, the higher your chance of being selected.***


PiChart Global Analytics relies on you to establish whether a host behaving in an unusual way is in fact compromised. Put your endpoint knowledge and log analysis skills to the test and prove you have what it takes!

The scenario

You are an employee for the PiCharts Global Analytics company Security Operations Centre (SOC). A fellow incident responder just received a phone call from a user working in the Web Design team to report the following: "Following a device restart to complete a tool installation on my device, I logged on with my usual credentials and I was briefly presented with a console window that closed immediately. The laptop is working alright, but I thought this was slightly weird. I am assuming this is you guys pushing an update, right?".

Your colleagues thought this was indeed weird, so they compiled and left you a number of files containing logs from the host covering the timeframe before and after the restart, to enable you to look into this further and determine whether the host is compromised or not.

***To enter you only need to complete one qualifying challenge; however, the more challenges you complete, the higher your chance of being selected.***

This game was one of 3 qualifiers for the HMGCC & BAE face to face challenge held at the Blue Fin building, London on 3rd September 2016. Here is another chance to try your hand at the decryption challenge.

Game summary - this is an explanation of what the game entails.

Background
A friendly country's Royal Navy has been under a sustained cyber attack for several months by unknown actors. Network engineers have detected suspicious activity and believe this may be related to a viral email containing a Java-based quiz program targeting their rum-loving sailors. Initial analysis has not highlighted anything suspicious, but a more thorough investigation is required...


We are investigating a large corporate with a consumer-type customer base, an online presence and a set of retail stores. A large number of customers are reporting unauthorised bank account transactions which appear to be related. We have a suspect (an employee who has shown erratic behaviour and attendance, and signs of unusual recent affluence) but we’re not sure of motive or how this happened.

You will need analysis skills and some experience with SQL injection techniques to complete this challenge.

Your challenge is to look at the initial stages of the attack by identifying the SQL injection request, which data was extracted, and the time of the attack.

Here is another chance to try your hand at the qualifier for the HMGCC & BAE face to face challenge at the Blue Fin building, London on 3rd September 2016. This challenge will test your networking skills.

The scenario:

CorpNet is a multinational business with clients around the globe. There have been reports from staff that their workstations have been behaving strangely and the Systems Admin believes they have spotted suspicious activity on one of their office networks. The Chief Security Officer has asked for an independent review of their network. Working as a network forensic investigator, examine the forensic.pcap file provided by the local Systems Admin and provide answers to the questions.


Welcome to Her Majesty's Government Communications Centre's (HMGCC's) game

This game is intended to let you practise your cyber skills on a fictitious office network. If you are interested in a career in cyber then get in touch; we are currently recruiting for skilled engineers of varying experience and knowledge. Visit www.hmgcc.gov.uk for further information.

The scenario:

CorpNet is a multinational business with clients around the globe. There have been reports from staff that their workstations have been behaving strangely and the Systems Admin believes they have spotted suspicious activity on one of their office networks. The Chief Security Officer has asked for an independent review of their network. Working as a network forensic investigator, examine the forensic.pcap file provided by the local Systems Admin and provide answers to the questions.