In this Cyber Quest, participants will be challenged to identify indicators that show an incident has occurred, differentiating between those incidents that represent impotent attack vectors and those that need to be analyzed in-depth by incident responders. Participants will analyze packets, logs, and related scenarios to determine the nature of a variety of attacks, using skills associated with Security Monitoring and Event Analysts job requirements as set forth in the Mission Critical Role Project document developed by the Council on CyberSecurity.
Important Notice: Some of the packet capture files contained in the ZIP file contain evidence of attacks, but are not malicious in any way. Some anti-virus tools may alert based on the presence of the attack evidence. Specifically, Avast and ClamAV are known to identify the capture.pcap packet capture file as a false positive. However, the file itself cannot attack or exploit computers in any way, and is not executable at all. The file is merely read using the Wireshark analysis tool, and it in no way manipulates or alters Wireshark. If a user receives an anti-virus alert, they need either to configure the anti-virus tool to allow the file to be opened or to analyze it on a computer with a different anti-virus tool.
Registration and the quiz will be available on July 12, 2017, from 7:30am-5:00pm EDT. Registered users will each have three attempts to take the quiz. For each of your three attempts, you will have until 5:00pm EDT to complete it, and you may only submit your answers once per attempt. For each attempt, you must submit the answers by 5:00pm EDT on July 12, 2017. If you still have the quiz open in your browser at closing time, or if you leave the quiz and don't come back to submit, it will automatically submit whatever answers you have entered so far. If you stay on the same page for more than four hours, your session may time out. Your answers on each page will be automatically saved every five minutes, and when you click the Next button at the bottom of each page. You may leave and come back, but you must come back to finish before time expires or the quiz closes!
Rankings will be determined based on who achieves the highest score in the shortest amount of time. In the event of a tie score, the shortest time is the winner. Your highest score among your three attempts will be counted as your final score. The time is calculated based on when you first open the quiz and when you submit your final answers; the timer DOES NOT stop if you leave and come back! For example, if you start the quiz at 2:00pm, work on it for an hour, then come back the next day at 1:00pm and submit your final answers at 1:05pm, your time would be 23:05:00.
Any user found to have registered for more than one account, or users found to have shared answers, will be disqualified and ineligible for any awards, prizes, scholarships or other opportunities presented as a result of Cyber Quests.
Questions about the challenge should be directed to firstname.lastname@example.org. However, please keep in mind that we will not give answers to the quiz itself.