Black cats are prowling, pumpkins are glowing and witches are waltzing – it’s Halloween! Here at Immersive Labs, we love to celebrate the holidays. This year is definitely in need of some fun, so to whet your vampire-toothed whistle, we’ve put together a series of spook-tacular murder mystery CTF-style labs that require a range of cyber skills.
Here’s how it starts...
You and a friend have checked into a hotel for an infosec conference. At reception, you are invited to a Halloween-themed party. Later that evening, the event is well attended; everyone is dressed for the occasion, revelling in the fake-blood frivolities of the Halloween party. After dinner, you mingle with the other guests, drinking pumpkin punch and bloody Marys. The evening is all fun and games until a murder takes place… It’s your job to figure out who did it, but of course, the killer hasn’t made it easy for you. You’ll need to demonstrate your digital dexterity and coding competence to work out the murderer’s identity.
The first lab in the series focuses on infrastructure hacking, which is pretty simple when you know what you're looking for. Can you find any open ports after scanning the target IP address? What is that port commonly associated with? A quick look around the desktop should also provide you with a crucial tool. What could help you find out who was staying at the hotel?
Moving on from infrastructure to web app hacking, in part two you’ll need to use your knowledge of SQL injection to retrieve data about who attended the party. What parameter might be vulnerable? Following that, the third CTF is a nested archive challenge, sort of like a Linux-based Russian doll. What will you discover when you get to the center?
No murder mystery would be complete without some forensic DNA analysis. And of course, because this is a cyber challenge, the best way to access files of interest is through the aptly-named program Autopsy, through which you can undertake some cyber forensic analysis. See what we did there?
And finally, the fifth lab will reveal who the murderer is, provided you can craft some nifty server-side template injections. It seems that the killer is scarily into blogging and creepy literature. He’s also a bit of a poet, believe it or not. Can you find the poem he’s hidden?
All of these Halloween murder mystery labs are now available on Community mode, so if you’ve always fancied trying the platform but were unsure about how to access it, now’s your chance. It’s all completely free: no contracts, no cash, no commitments. All you need to get started is yourself, your email address, and the code GIMMEFREELABS.
Ready to solve the mystery?
30 October 2020
Latest Blog posts
One-day exploit party with SaltStack
2 March 2021
Why so salty? Local privilege escalation on SaltStack minions
26 February 2021
Diverse organizations build high-performing crisis response teams. Here’s how.
24 February 2021
New package management flaw: dependency confusion
22 February 2021
Being out in the workplace: Why being open matters
15 February 2021
The digitalization of kidnap and extortion: a modern business dilemma
11 February 2021