Lab 4: Ghost of the SOC

Defensive, log analysis, SOC Analyst

On September 15, 2025, an incident responder was going about their usual job when a digital entity known as the Glitch Geist suddenly infected one of the remote hosts. The spirit has been wreaking havoc, deleting logs erratically and injecting junk data into files, leaving behind a digital wasteland. Only one remote host is still up, but has disconnected itself from the SIEM after GlitchGeist infected it.

The SOC has been fully closed down since, and the responder fled their home in terror, but in their haste, they left behind some files and clues that you may find helpful in your investigation:

An Elastic instance running on the default Kibana port 5601, for you to identify the machine that the pesky Glitch Geist took over.

Lab 5: Cursed Canvas

Defensive, steganography

You approach the next house and tentatively knock on the door. Creaking ominously, it swings away from you after barely a touch, opening onto a room with a bowl of candy on the table. Finally, some actual trick or treating!

However, as you walk towards the table, you hear a quiet click behind you. Spinning around, you notice the door has shut. After a few tries of the handle and a kick to the door, you realise it’s locked. Well, at least you’re locked in with the candy. Going back to the table, you find a note: 

“greetings, help our unquiet lost souls, set us free from evil room, then run away please.

“We were trapped in the first painting by the evil wizards, and if they find you, you'll be trapped here too! You’ll need the password to set us free, maybe finding out who they are will help. Once we’re out, we can unlock the door.

Lab 6: Widow’s Web

Defensive & Offensive, web crawlers, honeypot, Pen Tester, Cybersecurity Engineer

The next house on Specter Street was once home to an ambitious young author, but it now appears desolate. A tangle of ivy creeps up the side of the house, and the windows are masked in a thick layer of spider webs.

The door swings open before you have time to process, and you realize the site has been claimed. The Widow stands before you, a monstrous Spider Queen who has woven herself into the deepest layers of the web. Her children, the Crawlers, swarm through every hidden path. Some are harmless, respecting the warnings. Others are dangerously curious, creeping through secret chambers, hunting for forbidden knowledge.

Your mission is to expose these traitors.

Need help solving the mystery? SabrinaKayaci​  will be on hand in this pre-recorded webinar to walk you through Cursed Canvas.

To locate the Trick or Treat on Specter Street challenge navigate to Exercise > Challenges & Scenarios > Trick or Treat on Specter Street