Adventure Center
Project Obsidian CTF
Introduction
Developed by BTV’s Project Obsidian team, this CTF offers an immersive incident response exercise designed to challenge and engage participants of all skill levels. Dive into a detailed, realistic scenario that tests your ability to handle complex security incidents and sharpen your cyber defense skills.
This year, we’re enhancing the experience with the OWASP Juice Shop platform, adding an extra layer of web application security challenges. While Juice Shop provides valuable additional content, the core of Project Obsidian remains its rich, hands-on incident response scenarios. Whether you’re new to cybersecurity or a seasoned expert, join us for a dynamic and rewarding experience. Blue Team Village proudly presents… Project Obsidian!
SAGE ADVICE
We champion the concept of choosing your own adventure: participants can download the required evidence (logs, packets, etc.) or access the provided SIEMs for hunting. For those new to cyber defense, we highly recommend joining BTV’s Project Obsidian workshop sessions, which cover essential CTF topics to support your journey.
The Plot
Welcome to Magnum Tempus Financial, a leading player in the financial sector, renowned for its commitment to securing client assets and maintaining the highest standards of data integrity. But in the wake of a recent crisis, Magnum Tempus is in turmoil, and you, the cyber forensic investigator, have been called upon to unravel the chaos.
Incident Overview
In mid-July 2024, Magnum Tempus Financial found itself in the midst of a catastrophic breach. While the investigation was still underway, a major incident involving CrowdStrike shook the cyber landscape, causing widespread disruptions across cloud service providers. This unforeseen event severely impacted the security monitoring systems and the integrity of the retained incident data, complicating an already challenging forensic investigation.
The Breach
An advanced adversary infiltrated Magnum Tempus’s infrastructure, deploying multiple implants within the Windows domain. These implants were meticulously designed for persistence, leveraging well-known command and control (C2) channels. The attack led to extensive enumeration, exfiltration, and potential data loss, all while the security team struggled to manage the fallout.
The Challenge
In response to the unfolding disaster, disaster recovery strategies were quickly enacted. Efforts were focused on recovering what historical log data was available, but the recovery process was far from perfect. The log data, which had been rehydrated into the security logging and monitoring systems, is now fragmented, corrupted, and less than optimal.
As part of this intricate challenge, your task is to dive into this reconstructed log data. With the real-world complexities of compromised data and disrupted systems, you must navigate through this sea of imperfect information to identify the traces of the initial breach, understand the attacker’s actions, and piece together a coherent narrative of what transpired.
The Mission
Your mission is to analyze the recovered log data, uncover hidden clues, and reconstruct the sequence of events that led to the breach. Your findings will help Magnum Tempus not only to understand the full scope of the attack but also to fortify their defenses against future threats.
Get ready to test your forensic skills in a scenario that blends real-world challenges with high-stakes investigation. The clock is ticking, and the path to clarity is fraught with obstacles—can you rise to the challenge and reveal the truth behind the chaos?
Getting Started
See you next year!
Even though DEF CON 32 is over, head over to the Blue Team Village Discord #ctf channel to hang out with the gang!
Event Schedule
August 09, 2024 @ 10:30 PST - August 10, 2024 @ 18:00 PST
Tools and Data Access
In Project Obsidian, participants are immersed in a realistic incident response scenario, utilizing actual security detection, monitoring, and forensic tools. This hands-on approach allows you to engage with industry-standard technologies as you navigate through a simulated investigation. By leveraging these real-world tools, you’ll gain valuable experience in threat detection, analysis, and response, mirroring the complexities of an actual cybersecurity investigation. Our goal is to provide an authentic and practical learning experience, equipping you with skills and insights applicable to real-world scenarios. The following tools will be provisioned for your use as part of your participation.
For those interested in exploring data from Blue Team Village talks and workshops further, all logs collected during the execution of Project Obsidian are available for public download at https://ctf.blueteamvillage.org/docs/media.
OFFICIAL DISCLAIMER
Please be aware that any files downloaded from our competition are provided for educational purposes only. Blue Team Village is not responsible for any harm, damage, or issues that may arise from downloading or interacting with these files. Proceed with caution, and ensure that you use appropriate security measures when handling any downloaded content.
I NEED HELP!
If you encounter any issues or need assistance during the competition, don’t hesitate to reach out to Blue Team Village staff and volunteers. Our team is here to ensure you have a smooth and enjoyable experience. For immediate support, you can also get help in the CTF channel on our Discord server. Whether you have questions about the challenges, need technical support, or require any other assistance, we’re here to help. Look for our staff and volunteers throughout the venue, or connect with us online for prompt support.