The Case Vault
In each case, a company has been compromised by vicious hackers.
We'll give you all the tools required to track down and defeat the adversaries.
A Rap Beef (START HERE)
About this module:
Great for first time KC7 Players! You don't need any cybersecurity experience to do this module! 🥳 First time? This is the perfect place to start!
Two hip-hop artists are in the midst of a musical feud. Following long-stewing tensions between the artists, they have begun taking jabs at each other through their music.
As a Security Analyst for OWL Records, your job is to keep the company's information safe so your artists don't get exposed during this ongoing feud.
Objectives:
- How to identify elements of a phishing campaign
- How to interpret Security Logs to identify evidence of malicious activity
- How to investigate a basic cybersecurity intrusion
A Scandal in Valdoria 🌟

About this module:
Valdoria, a city rich with untapped natural resources, faces a pivotal election. The stakes are sky-high: will Valdoria's next mayor focus on rampant economic growth 💰 or answer calls for environmental conservation? 🌱
Amidst this high-stakes political showdown, a scandal erupts. 😱 A renowned newspaper, The Valdorian Times, 🗞️ publishes an unapproved news article accusing the leading political candidate of corruption!
In this module, you'll help The Valdorian Times investigate this attack and bring the truth to the people of the town. Every decision, every headline, every whispered rumor could tip the scales.
Objectives:
- Master basic KQL syntax, including the where, take, and distinct commands
- Effectively filter data to focus on relevant information
- Apply time-based filters to investigate events surrounding suspicious indicators
- Correlate events to construct comprehensive attack timelines
- Interpret PowerShell scripts and malicious commands run by attackers
DAILY7 🌎

About this module:
Daily7 is a fun challenge that gives you a new cybersecurity question every day! Try your hand at OSINT, decoding, and lots more! All you need access to is the scoreboard. Use codeword DAILY7 to get started!
Objectives:
Check back on this scoreboard for standalone KC7 DAILY7 challenges. Each day we'll add a new question to the scoreboard for you to answer. Keep your streak & stay on top of the leaderboard!
Jojo's Hospital

About this module:
Jojo's Hospital, a cornerstone of Lexington's healthcare system, faces a critical crisis. The stakes are immense: will the hospital recover its vital services and secure patient data 🏥 or succumb to the paralyzing ransomware attack? 🛡️
In the midst of this high-pressure scenario, a ransomware attack unfolds. 😱 The notorious hacking group, LockByte, has encrypted critical hospital files, demanding a hefty ransom for their release!
In this module, you'll assist Jojo's Hospital in investigating the attack and restoring its operations. Every decision, every piece of evidence, and every strategic move could determine the hospital's fate.
Objectives:
- How to interpret Security Logs to identify evidence of malicious activity
- How to use Azure Data Explorer (ADX) and Kusto Query Language (KQL) to query logs
- How to formulate an analytical question and answer it using data
KQL 101

About this module:
In cybersecurity, every log tells a story. Failed logins, unusual network activity, and hidden threats are all buried in massive datasets. Kusto Query Language (KQL) is a powerful tool that helps you efficiently search, filter, and analyze logs to uncover security incidents before they escalate.
In this module, you’ll learn how to use KQL to query logs, identify patterns, and think like an investigator to stay ahead of cyber threats. Whether you’re a security analyst, threat hunter, or just getting started, KQL 101 will equip you with the skills to turn raw data into actionable intelligence.
Objectives:
- ✅ Understand the data contained in tables and how to navigate columns and rows in KQL.
- ✅ Learn how to filter and refine data using commands like where, contains, and has.
- ✅ Use logical operators like and, or, and not to build precise queries.
- ✅ Write efficient KQL queries to search, sort, and extract relevant security data.
Solvi Systems

About this module:
Solvi Systems, a software company, is a key player in South Africa's energy industry ⚡.
With its cutting-edge Docks software, Solvi Systems has become indispensable to major power and utility companies, shaping the distribution of energy in not just South Africa, but across neighboring nations like Mozambique, Eswatini, Zimbabwe, and Namibia. 🌍
However, the interconnectedness of this power grid also brings 😱 vulnerability.
In this module, you'll help investigate an intrusion against Solvi Systems, and find out how attackers may have leveraged their access to discover vulnerabilities in the DOCKS software.
Objectives:
- Investigate a supply chain attack involving Industrial Control Systems (ICS)
- Understand how an attack on the ICS software can have downstream impact
- Combine multiple data sources (e.g., network logs, DNS, authentication events) to establish a detailed timeline of malicious activities—from reconnaissance to data exfiltration.
- Continue to improve your KQL skills
Titan Shield (with Microsoft Defender XDR)

About this module:
Welcome to TitanShield! TitanShield is a world-class defense company best known for manufacturing
Recently, TitanShield has noticed some unusual activity on their network🧐. But not just any network. Someone is messing with files in our most top-secret project: Project Omega! 🕵️♂️🖥️
And… there might be more at play here than meets the eye 👀
In this module, you'll get practice using Microsoft Defender XDR Threat Intelligence to learn more about the intrusion and who was responsible for it!
This module is sponsored by Microsoft.
Objectives:
- Learn to use Microsoft Defender XDR Threat Intelligence to enhance an investigation
Valdoria Votes
About this module:
The Valdoria Board of Elections is gearing up for the most critical election in recent memory. To ensure a smooth voting experience, the board has hired additional poll workers in the past month, preparing them to support operations and assist voters. Officials have made it clear that the voting machines are highly secure, working tirelessly to reassure the public about the integrity of the election process.
However, malicious actors are actively working to sow doubt, hoping to make citizens question the validity of their vote. As Election Day approaches, Valdoria's citizens anxiously watch, wondering if democracy will withstand these challenges.
Objectives:
- Deal with yet another election drama in Valdoria 🙄
AzureCrest - The full version

About this module:
Azure Crest Hospital 🏥 is a cornerstone of healthcare excellence, standing tall as a regional medical beacon with a team of over 200 dedicated heroes. Azure Crest is more than a hospital—it's a life-saving universe in the heart of the community. 🩺👩💼🔧
The leadership at Azure Crest Hospital is charting a course towards cost-efficiency, contemplating the tough decision to streamline its workforce. 😔 Alongside this, they're overhauling their critical IT backbone, upgrading servers and databases. 🔄💾
In this module you will dive into the digital drama at Azure Crest Hospital, where you'll unravel the twists of a perilous ransomware attack 🤑, spotlighting the dangers of skimping on costs at the expense of potentially risky tech upgrades 💻.
Objectives:
- How to interpret Security Logs to identify evidence of malicious activity
- How to use Azure Data Explorer (ADX) and Kusto Query Language (KQL) to query logs
- How to interpret PowerShell scripts and malicious commands run by attackers
- How to formulate an analytical question and answer it using data
Castle & Sand

About this module:
In a world of sun, sand, and surf, Castle&Sand reigns supreme as the beacon of beachwear and accessories. But beneath the shimmering facade of this retail paradise lies a digital battleground. This module delves into the heart of a thriving company known for setting trends and defining summer lifestyles, now facing an unprecedented threat.
Enter the SharkzBoys, a shadowy group of cyber marauders, who unleash a devastating ransomware attack on Castle&Sand's sprawling empire. This gripping narrative isn't just about cutting-edge bikinis and sun hats; it's a high-stakes drama of cyber warfare where every click could spell disaster.
Witness a tense race against time as Castle&Sand battles to reclaim control from the clutches of unseen adversaries. It's a tale of resilience, innovation, and survival, set against the relentless waves of the digital age.
Objectives:
- Use the Azure Data Explorer
- Use multiple data sets to answer targeted questions
- Investigate cyber activity in logs including: email, web traffic, and server logs
- Use multiple techniques to track the activity of APTs (Advanced Persistent Threats)
- Use third-party data sets to discover things about your attackers
- Make recommendations on what actions a company can take to protect themselves
Critical Compromise In Chicago - ICS

About this module:
In this KC7 cybersecurity game, you’ll dive into a major power outage in Chicago, caused by a sophisticated attack targeting the city's SCADA systems. As you track down malicious activity, you’ll uncover phishing attacks that compromised employees, leading to destructive malware being deployed. You’ll follow evidence of lateral movement, credential theft, and system sabotage, all while uncovering how the attacker—modeled after a real-world threat actor—gained control and shut down the power grid.
Are you ready for the challenge?
Objectives:
- Threat Hunting and Malware Analysis: You’ll learn how to track malicious files, analyze command-line processes, and uncover how malware is deployed across a network.
- Phishing Investigation and Credential Compromise: You’ll gain skills in identifying phishing campaigns, tracking compromised accounts, and understanding how attackers leverage stolen credentials for lateral movement.
- Incident Response and Root Cause Analysis: You’ll develop the ability to trace an attack from initial compromise to final impact, analyzing logs, network traffic, and system behavior to determine how critical infrastructure was compromised.
Envolve Labs: With a twist!

About this module:
Learn clustering and attribution by analyzing multiple intrusions against a fictitious research company called EnvolveLabs. This time the threat activity is tricky tricky! This is a good example of ways attribution can be challenging.
Objectives:
- How to apply foundational security analysis skills to analyze security log data
- How to “pivot” between datasets using indicators or patterns of interest
- How to identify tactics, techniques, and procedures (TTPs) based on observed threat activity
- How to cluster patterns of threat activity based on overlaps in adversary tradecraft and TTPs
French Socksess Story

About this module:
Start your KC7 adventure here!
In this fun module, you'll investigate a data breach and extortion scheme on a popular French company called 'Jus de Chaussette'.
Objectives:
- Get a first taste of ADX and KQL.
- Learn how to think through the investigation.
- Have fun!
Frognado in Valdoria

About this module:
The Valdorian Times has published another groundbreaking article ahead of the election. This time, it's about the incumbent mayoral candidate. According to the Times, the Mayor took bribes from FramtidX, a development company, to allow them to build a mall on protected land, a special marsh home to endangered frogs. 🐸🌿
Is this another fake story published by the Times, or is there any truth to it? As a cybersecurity analyst for FramtidX, you must dig deep, uncover the cyber side of the scandal, and discover the truth. 🕵️♂️💻🔍 Every piece of evidence you find will help reveal the reality behind the headlines. Can you solve the mystery and protect the future of Valdoria? ⚖️🌟
This is a continuation of the Scandal In Valdoria game. But, don't worry, you can still play this without having done that first.
This module was first published in collaboration with Cybrary at Black Hat 2024.
Objectives:
- Understand how the motives of hacktivists impact their chosen actions on objectives
- Interpret Security Logs to identify evidence of malicious activity
- Formulate analytical questions and answer them using data
HopsNStuff

About this module:
HopsNStuff is a brewery renowned for crafting the most delectable ginger beer around. But what truly sets us apart is our secret formula, passed down from generation to generation.
Learn how to work through multiple full intrusion sets starting with an alert.
Objectives:
- Use the Azure Data Explorer
- Use multiple data sets to answer targeted questions
- Investigate cyber activity in logs including: email, web traffic, and server logs
- Use multiple techniques to track the activity of APTs (Advanced Persistent Threats)
- Use third party data sets to discover things about your attackers
- Make recommendations on what actions a company can take to protect themselves
KRUSTY KRAB

About this module:
A beginner-friendly intro to pivoting and analysis. You will be defending an underwater restaurant against miniature adversaries.
Objectives:
- Apply foundational security analysis skills to analyze security log data
- Pivot between datasets using indicators or patterns of interest
- Identify tactics, techniques, and procedures (TTPs) based on observed threat activity
- Cluster patterns of threat activity based on overlaps in adversary tradecraft and TTPs
Turkey Bowl

About this module:
Hungry for a bowl of turkey? You've come to the perfect place! Vangsol hosts an annual Turkey Bowl competition the weekend before Thanksgiving, pitting the rival schools Oxford Academy and Sierra Vista High against each other in a fun-filled football game!
Unfortunately, there are indications of foul play. You are now tasked with investigating the attack that occurred and discovering who is truly behind it and what their motives are.
Objectives:
- How to identify elements of exfiltration
- How to interpret Process Events to identify evidence of malicious activity
- How to navigate command line arguments
A Storm Is Brewing In the Lab

About this module:
We are back at the EnvolveLabs research lab, but things aren't so calm this time around. Your job is to safeguard EnvolveLabs, a leading research hub in Ukraine, and its dedicated team from potential cyber threats, especially during these challenging times of the Russian invasion.
In this special module, we leverage Synapse, a versatile central intelligence and analysis system developed by the Vertex Project, to parse through the lab's telemetry and find evidence of malicious activity.
Objectives:
- Pivot on data using Storm and Synapse, learning how to lift, filter, and pivot.
- Learn how to label nodes to form an analytical layer.
- Use multiple data sets to answer targeted questions.
- Investigate cyber activity in logs, including:
  - Web traffic
  - Server logs
- Use multiple techniques to track the activity of APTs (Advanced Persistent Threats).
- Use third-party data sets to discover insights about your attackers.
- Make recommendations on actions a company can take to protect itself.
Balloons Over Iowa

About this module:
Balloons Over Iowa (BOI) is a company that specializes in providing extravagant gender reveal experiences through the rental of high-quality floating balloons. The balloons are purchased from China and are available in various sizes, colors, and designs to match the clients' preferences.
Objectives:
- How to apply foundational security analysis skills to analyze security log data
- How to “pivot” between datasets using indicators or patterns of interest
- How to identify tactics, techniques, and procedures (TTPs) based on observed threat activity
- How to cluster patterns of threat activity based on overlaps in adversary tradecraft and TTPs
Dai Wok Foods

About this module:
Open event for May 13, 2023
Dai Wok Foods is a global food company that has captured the hearts and palates of millions of food enthusiasts around the world.
Objectives:
- Use the Azure Data Explorer
- Use multiple data sets to answer targeted questions
- Investigate cyber activity in logs, including:
  - Web traffic
  - Server logs
- Use multiple techniques to track the activity of APTs (Advanced Persistent Threats)
- Use third-party data sets to discover insights about your attackers
- Make recommendations on actions a company can take to protect itself
Galaxy Neura

About this module:
GalaxyNeura Tech (GNT) is a biotechnology company striving to bring together humanity’s soft fleshy body and the most advanced computer technology. They believe cyberpunk should not only be something to experience in video games, but something to live. Who hasn’t dreamt of enhancing themselves, right?
But with groundbreaking innovation comes unwanted attention. Threat actors are circling, looking for ways to steal, disrupt, or sabotage GNT’s research. It’s up to you to investigate suspicious activity, uncover the adversary’s tactics, and stop them before they compromise the future of human augmentation.
Do you have what it takes to hunt the threat?
Objectives:
- ✅ Use Azure Data Explorer and Kusto Query Language (KQL) to analyze security data.
- ✅ Investigate suspicious activity targeting GalaxyNeura Tech’s critical research.
- ✅ Identify and track adversary TTPs to map the intrusion lifecycle.
- ✅ Analyze logs for indicators of compromise (IOCs) and detect unauthorized access.
- ✅ Uncover potential insider threats and assess the impact of the breach.
- ✅ Piece together the attack timeline and determine the adversary’s next move.
Inside Encryptodera

About this module:
Encryptodera is a hot new financial company specializing in fancy finance tech, like cryptocurrency, blockchain, and payment gateways. 💰
Despite healthy profit margins, Encryptodera leaders are looking to cut costs by laying off some of their workers. 😭 While nobody is happy about this, some employees are especially upset and have decided to cause some trouble. 😈
In this module, you'll help Encryptodera get to the bottom of a dangerous disgruntled employee 😡, a rambunctious ransomware attack 🤑, and some shady dealings 🥷 happening right under their nose.
Objectives:
In this module, you'll learn:
- How to use Azure Data Explorer (ADX) and Kusto Query Language (KQL) to query logs
- How to decode and interpret encoded malicious commands
- The tactics and behaviors used by insider threats, and the risks they pose
- How to detect and investigate ransomware attacks
- How attackers move laterally within a network
- How to detect anomalous activity in network flow/packet capture data
Scholomance

About this module:
Scholars and historians speculate that the Scholomance Hidden Enclave has been concealed from the mortal world for centuries if not millennia.
But now hackers may be trying to unveil those secrets through digital means. It is your job to stop them.
Objectives:
- Use multiple techniques to track the activity of APTs (Advanced Persistent Threats)
- Use multiple data sets to answer targeted questions
- Investigate cyber activity in logs, including:
  - Web traffic
  - Server logs
- Use third-party data sets to discover things about your attackers
System Shutdown at Azure Crest! (Short Version)

About this module:
🎮 Dive into the heart of the digital drama at Azure Crest Hospital in this thrilling game module. Navigate a hospital besieged by cyber threats, unravel the ransomware attack, expose risky cost-cutting measures, and restore the hospital's operations. Are you ready to tackle the chaos and save the day?
Objectives:
- How to interpret Security Logs to identify evidence of malicious activity
- How to use Azure Data Explorer (ADX) and Kusto Query Language (KQL) to query logs
- How to interpret PowerShell scripts and malicious commands run by attackers
- How to formulate an analytical question and answer it using data
VirusTotal Fundamentals

About this module:
Specialized tools are handy—if you know how to use them. Cybersecurity analysts are often expected to use VirusTotal but very little training is offered or available. In this module, we spend all our time in VirusTotal. Unlike other VirusTotal training, this module assumes you have a free account and no prior experience with VirusTotal. The course is designed for all skill levels.
VirusTotal is one of many publicly available tools common in cybersecurity. It is currently owned by Google and has become an essential part of cyber investigations.
Objectives:
- Recognize benign files based on specific details in the report
- Become familiar with finding important details in a report
- Pivot from indicators to learn more about a threat
- Enable you to expand your knowledge of a threat
- Understand the significance of Code-Signing Certificates
- What details about a file can be trusted and which ones should not be
- How to contribute to the community using the platform
Spooky Sweets

About this module:
The Spooky Sweets Candy Company is a renowned confectionery enterprise with a captivating history and a substantial global following. Founded in the early 20th century by the imaginative Wilhelmina "Willy" Whipple, the company has since evolved into a Halloween sensation. Spooky Sweets is celebrated for its inventive and spooky-themed candy creations, contributing significantly to the Halloween spirit.
Objectives:
- Use multiple data sets to answer targeted questions
- Investigate cyber activity in logs
- Use multiple techniques to track the activity of APTs (Advanced Persistent Threats)
- Use third-party data sets to discover insights about your attackers
- Make recommendations on actions a company can take to protect itself
Sunlands

About this module:
Sunlands Aeronautics and Space Administration (SASA) is the esteemed government agency of the United Sunlands responsible for the civil space program, aeronautics research, and space research.
Objectives:
- Use multiple techniques to track the activity of APTs (Advanced Persistent Threats)
- Use multiple data sets to answer targeted questions
- Investigate cyber activity in logs, including:
  - Web traffic
  - Server logs
- Use third-party data sets to discover things about your attackers
World Domination Nation

About this module:
You just got hired as a Junior Security Operations Center (SOC) Analyst at World Domination Nation, a woman-led consulting powerhouse that propels individuals and organizations to unleash their potential through visionary "world domination plans."
Objectives:
- Use Azure Data Explorer (ADX) and Kusto Query Language (KQL) to navigate data
- Investigate a ransomware attack
- Investigate an attack that relies heavily on lateral movement and privilege escalation
A Rap Steak

About this module:
BBL Studios, a secretive powerhouse in the rap game, has brought in high-profile producer MetroBus Boomin to elevate their beats. However, the studio is now caught in the middle of a notorious rap feud, with rumors swirling that a diss track aimed at Dwake could bring dangerous attention to the studio.
As a Security Analyst for BBL Studios, your job is to protect the studio's secrets and ensure that the brewing tensions don't expose the company to new risks.
Objectives:
- Investigate the Tactics, Techniques, and Procedures of one threat actor operating against one victim.
- Understand the exploitation of remote services as an initial access vector
- How to interpret Security Logs to identify evidence of malicious activity
- How to investigate a basic cybersecurity intrusion
MCJ Walker

About this module:
You think you're a decent cyber sleuth now? THINK AGAIN! This game exists for the sole purpose of humbling you. So go ahead and click away to exit this tab, cause you probably don't have it in you 🤣 If indeed you are foolish enough to try, don't say we didn't warn you… 👀
The year is 2323. Washington D.C. has been split into several districts, some inhabited, others simply abandoned relics of the past. Where there is life, there is a sprawling metropolis! Within the industrial district, the Madam C.J. Walker Manufacturing Company stands as a defiant beacon of hope.
This was a custom KC7 challenge built for Defcon 2023.
Objectives:
- Solve a cyber mystery.
- Write some KQL queries or whatever
- Try not to cry too much