A Cyber Detective Game

The Great Elf Conflict

Welcome to your mission! In this mission, you'll be tasked with uncovering the truth behind the The Great Elf Conflict.

About The Great Elf Conflict

Welcome to your mission! In this mission, you'll be tasked with uncovering the truth behind the The Great Elf Conflict. Your key tool will be the power of Kusto Query Language (KQL), which you'll use to navigate through security logs and uncover critical evidence of malicious activity. This challenge was created as part of the SANS Holiday Hack Challenge 2024 in collaboration with Microsoft Federal.
Spooky Casey

🧠 What you will learn

How to interpret Security Logs to identify evidence of malicious activity How to use Azure Data Explorer (ADX) and Kusto Query Language (KQL) to query logs How to formulate an analytical question and answer it using data

⛩️ Requirements

Anyone can do this :)

In Love Raccoon

Frequently Asked Questions

Here’s what you need to know about KC7, based on the questions we get asked the most.

KC7 is an educational tool designed to introduce students to cybersecurity principles and data analysis through engaging, hands-on activities. KC7 gamifies learning in a way that engages students in the content all while encouraging them to move at their own pace.

Anyone can use KC7 to learn cybersecurity - whether you are a career-changer, a student, or a cybersecurity professional. While KC7 is a “cybersecurity game", it uses story elements and logical thought processes to deliver content to students. KC7 aims to make cybersecurity accessible to everyone, regardless of their prior knowledge or experience.

No, KC7 is offered free of charge. KC7 was founded in order to make cybersecurity understandable and accessible to everyone.

KC7 provides everyone access to a realistic lab setting – without the major hurdles typically encountered when setting up their own – and offers a path to empower individuals to learn what it takes to work as a blue teamer and investigate realistic attacks in an organization’s environment.

KC7 is created and informed by industry professionals and designed to guide users through hands-on cybersecurity skills, regardless of their experience, and then shows them how to apply what they’ve learned with a large data set and perform the actual work of a blue teamer. Now, individuals can investigate attacks and, when the big interview question comes, “Do you have experience looking through data to surface and understand cybersecurity attacks?” they can answer, YES!

Jibby Saetang transitioned from watch and jewelry repair to cybersecurity by playing KC7.

KC7 challenges this traditional approach. We’ve redefined “fundamentals” not as disparate technical skills, but as highly transferable, cross-disciplinary skills that help students learn how to think, reason, and communicate. With KC7, students begin their cybersecurity learning journey by building and reinforcing skills in critical thinking, teamwork, written and verbal communication, and application of geopolitical context.

Teachers can integrate KC7 into their curriculum by using its story elements and hands-on activities to teach cybersecurity concepts. KC7’s free, self-paced modules are perfect for classroom settings, allowing students to learn and apply cybersecurity principles through interactive and engaging exercises.

Teachers can request a custom scoreboard for their class at no cost. This scoreboard will allow students to compete against each other in a safe and controlled environment.

Read about how Bryan Quillen, a high school cybersecurity teacher in Kentucky, transformed his classroom using KC7.

For most modules, the data is hosted in Azure Data Explorer (ADX). You'll need to access it in order to complete these modules. In order to use ADX in a separate browser, you will need a Microsoft account (Outlook, Hotmail, O365, etc.).

You'll use the KC7 scoreboard to answer challenge questions and track your progress. You will need to create an account if you don't already have one.

Some modules will provide you with a training guide. In those cases, the training guide will teach you everything you need to know for the module.