.png)
Benscha
Cybersecurity Consultant
875 / 2213 XP to level 55
*Rankings computed based on core modules (71100 pts).
Joined in January, 2026
Benscha earned 14 badges
Download Your Certificate!
You've completed games and earned badges! Click on any badge below to view and download your certificate!
Advanced Persistent Analyst
Someone who failed, got up, and tried again!
Issued on: Jan 22, 2026
Jojo's Hospital
This analyst completed the JoJo's Hospital module, investigating a cyber attack involving an Initial Access Broker and a Ransomware-as-a-Service (RaaS) operation. They demonstrated skills in detecting phishing and malvertising tactics, tracing unauthorized network access, understanding hacker collaboration, and analyzing ransomware activities.
Issued on: Jan 23, 2026
.png)
Titan Shield
This analyst successfully investigated two highly sophisticated cyberattacks against TitanShield’s sensitive projects, demonstrating advanced investigative skills in identifying social engineering tactics, malicious file execution, and data exfiltration strategies. Using Kusto Query Language (KQL), they unraveled Moonstone Sleet's phishing campaign targeting Project Omega and Crimson Sandstorm’s romance scheme aimed at harvesting critical system and user information. This exercise reinforced skills in threat actor profiling, recognizing social engineering-based reconnaissance on social media, and assessing the broader security implications of protecting intellectual property in a high-stakes defense context.
Issued on: Jan 23, 2026
Rap Beef
This analyst investigated a themed scenario involving rival hip-hop artists. They used key cybersecurity skills to identify suspicious communications and activities, analyzing internal messages to track unauthorized exchanges and uncover patterns. This exercise reinforced critical skills in data analysis, threat detection, and the application of cybersecurity principles in unconventional contexts.
Issued on: Jan 22, 2026
Clout Defender
This analyst unraveled a targeted phishing and social engineering attack against a rising influencer. Through OSINT, phishing analysis, and log forensics, they uncovered how personal details shared on social media were exploited to compromise her accounts. Using Kusto Query Language (KQL), they analyzed employee logs, inbound and outbound traffic, and passive DNS data to trace the attacker’s steps and infrastructure. This exercise strengthened skills in threat analysis, digital forensics, and understanding the real-world risks of oversharing online.
Issued on: Jan 22, 2026
Valdorian Times
This analyst investigated an email phishing attack in Valdoria that uncovered a politically motivated influence campaign. Using Kusto Query Language (KQL), they analyzed employee roles, email communications, and computer process events, revealing evidence of data exfiltration and manipulation. This exercise reinforced skill in querying data and understanding data integrity within a cybersecurity context.
Issued on: Jan 22, 2026
.png)
Solvi Systems
This analyst investigated a cybersecurity incident at Solvi Systems by identifying an attempted XSS attack and tracking a phishing email campaign. Using Kusto Query Language (KQL), they uncovered the threat actor’s reconnaissance efforts, system compromises, and malware activities, providing critical insights for enhancing security measures.
Issued on: Feb 03, 2026
AzureCrest
This analyst investigated a ransomware attack, where cost-cutting measures led to a single point of failure in their systems. This exercise highlighted the risks associated with prioritizing cost over security and reinforced skills in identifying vulnerabilities and understanding the broader implications of inadequate security measures in a healthcare context.
Issued on: Feb 03, 2026
Critical Compromise (ICS)
This analyst completed the Critical Compromise in Chicago module, demonstrating their ability to investigate a malware-based attack on a SCADA system. Through their use of Kusto Query Language (KQL), they uncovered the deployment of malicious software that disrupted the power grid. Their investigation helped identify the attack's origin and provided insights into the attackers’ methods, ultimately contributing to the restoration of normal operations and improving defenses for critical infrastructure.
Issued on: Feb 03, 2026
3 day streak
Awarded to a user who has answered a question for 3 days in a row!
Issued on: Feb 04, 2026
Krusty Krab
This analyst completed the "Krusty Krab" module, investigating a phishing attack and data exfiltration. They used Kusto Query Language (KQL) to analyze email and network logs, revealing the use of deceptive email addresses and malicious domains. This exercise emphasized their ability to pivot and connect malicious domains to threat actor behavior, showcasing their proficiency in threat detection and analysis.
Issued on: Feb 04, 2026
Envolve Labs
This analyst completed the "Envolve Labs" module. They demonstrated skills in using Kusto Query Language (KQL) in their investigation that included identifying phishing campaigns, analyzing command-line activities, and uncovering credential theft and data exfiltration. They also learned to cluster and attribute attacks to specific threat actors, connecting malicious domains and email addresses to threat actor behavior.
Issued on: Feb 04, 2026
HopsNStuff
This analyst completed the "HopsNStuff" module, investigating a cyber attack through the analysis of endpoint process events and command-line activities. They demonstrated skills in identifying anomalous file behavior by using Kusto Query Language (KQL) to uncover malicious activities. The investigation highlighted their ability to analyze and deobfuscate malicious PowerShell commands, effectively identifying and responding to data exfiltration techniques.
Issued on: Feb 10, 2026
10 day streak
Awarded to a user who has answered a question for 10 days in a row!
Issued on: Feb 11, 2026
Objectives Progress
Benscha played 18 games
Level 1: A Scandal in Valdoria: A Political Mystery 2430/2430
Level 1: Solvi Systems: A tale of Supply Chains and ICS 2860/2860
Level 1: A Rap Beef: An Intro to Security Investigations 950/950
Level 1: Jojo's Hospital: A Ransomware Investigation 610/610
Level 1: Titan Shield: A showcase of Microsoft Defender XDR 4000/4000
Level 1: Valdoria Votes: A Political Mystery (Part 2) 2750/2750
Level 1: CloutHaus: Social Media leads to Compromise 1170/1170
Level 1: How to play KC7 190/190
Level 2: Envolve Labs: With a twist! 950/950
Level 2: HopsNStuff: An Easter APT hunt 14265/14265
Level 2: Krusty Krab: A Intro to Pivoting and Analysis 7360/7360
Level 2: Castle & Sand: A Beachy Case of Ransomware 12700/13050
Level 2: AzureCrest - The full version 8790/8790
Level 2: Critical Compromise In Chicago - ICS 2870/2870
Level 2: French Socksess Story 2080/2080
Level 2: Turkey Bowl 2590/2590
Level 3: Inside Encryptodera: An Insider Threat Scenario 3690/3990
Level 3: Galaxy Neura 845/1265
Pattern of Life
Issue Badge to Benscha
| # | Image | Badge | Description | Action |
|---|---|---|---|---|
| 1 |  | 2024 SANS New2Cyber CTF Participant | This badge has been awarded to those who took part in the 2024 SANS New2Cyber x KC7 Capture The Flag (CTF) challenge, which involved investigating a ransomware attack on a hospital. | |
| 2 | | Intro Master | Intro Master | |
| 3 |  | Azure Crest | This analyst investigated a ransomware attack, where cost-cutting measures led to a single point of failure in their systems. This exercise highlighted the risks associated with prioritizing cost over security and reinforced skills in identifying vulnerabilities and understanding the broader implications of inadequate security measures in a healthcare context. | |
| 4 |  | Wiccon25 | You've participated to the WICCON25 workshop! You've successfully uncovered the full attack chain of a zombie themed ransomware. | |
| 5 |  | Helping Hand | This award is community-nominated! Someone in the KC7 community has recognized this user for their contributions to others! | |
| 6 |  | Most Improved | Someone who really improved over the course of a KC7 event! | |
| 7 |  | Notre Dame Challenge | Completed the cybersecurity challenge event at Notre Dame in June 2023 | |
| 8 |  | KC7 Top 10 (2023) | Awarded to top 10 KC7 players in 2023 | |
| 9 |  | Cyber Challenge Series: Team Winner | This badge is issued to KC7 players who were members of a team that placed top 3 in a Blue Team Cyber Challenge event! | |
| 10 |  | Super Fan | This badge is issued to any KC7 player who has completed 3 modules or more! | |
| 11 |  | 30 day hot steak | Awarded to a user who has answered a question for 30 days in a row. | |
| 12 |  | 90 day streak | Awarded to a user who has answered a question for 90 days in a row. | |
| 13 |  | The Teacher | Someone who really helped lift up their peers and enabled others to learn! | |
| 14 |  | Inside Encryptodera - Event Participant | Participant in the February 2024 monthly event featuring the Encryptodera module | |
| 15 |  | Cyber Challenge Series: Winner | This badge is issued to KC7 players who placed top 3 (as an individual) in an Blue Team Cyber Challenge event! | |
| 16 |  | 45 day streak | Awarded to a user who has answered a question for 45 days in a row! | |
| 17 |  | 360 day streak | Awarded to a user who has answered a question for 360 days in a row! | |
| 18 |  | 60 day streak | Awarded to a user who has answered a question for 60 days in a row. | |
| 19 |  | 120 day streak | Awarded to a user who has answered a question for 120 days in a row! | |
| 20 |  | Bright Future | Someone who shows a lot of potential as a future cyber analyst! | |
| 21 |  | 180 day streak | Awarded to a user who has answered a question for 180 days in a row! |