Table of Contents

1. Challenge

   Navigating the Graylog Interface

   This challenge will familiarize participants with Graylog by exploring its interface. This challenge provides a guided walkthrough of Graylog's core features, helping you understand how to visualize network traffic data effectively.

2. Challenge

   Identifying Port/Protocol Mismatches

   This challenge will require participants to review network traffic data to identify discrepancies between port numbers and their expected protocols. Such mismatches may signal misconfigurations, unauthorized services, or malicious activities. Utilizing the pre-collected Zeek dataset, the goal is to discern and scrutinize these anomalies for insight into their origins and implications.

3. Challenge

   Detecting Beaconing Hosts

   This challenge requires participants to sift through network traffic data to detect hosts demonstrating regular periodic communication with external servers—behavior indicative of command and control (C2) server interactions. The task of leveraging pre-captured Zeek data and simulated beaconing traffic is to identify these clandestine communications, analyze their frequency, and investigate the involved external entities.

4. Challenge

   Uncovering Data Exfiltration Attempts

   In this challenge, participants examine outbound network traffic to unearth indicators of data exfiltration. By scrutinizing traffic for volume, frequency, and destination anomalies, the objective is to detect unusual patterns potentially indicative of unauthorized data transfers. Using simulated exfiltration activities, the aim is to identify these attempts and comprehend their execution mechanisms.

5. Challenge

   The Last Challenge

   Welcome to the final challenge! This is your last chance to experiment in the environment. Clicking Finish Lab will end this little world that flittered into existence just for you.