u1tr0nex/soc-ctf-challenges-v2

GitHub: u1tr0nex/soc-ctf-challenges-v2

Stars: 0 | Forks: 0

# SOC CTF Challenges Lab v2 🔒

## Overview

This is an interactive **Security Operations Center (SOC) Capture The Flag (CTF)** lab (Version 2) designed to help students practice real-world cybersecurity incident response and SIEM (Security Information and Event Management) skills.

**What's New in v2:**

- ✅ Enhanced hint system with anti-exploit protection
- ✅ Wrong-answer penalty system (−15 XP per attempt)
- ✅ Victory screen with total XP and percentage score
- ✅ Fixed scroll behavior in mission modals
- ✅ Permanent progress tracking (localStorage)

## What You'll Do

You'll work through **10 cybersecurity missions**, each simulating a different security incident that a SOC analyst would encounter. Each mission contains **5 tasks** that you must complete in sequence.

### Mission Types Include:

- Network intrusion detection (VPN anomalies, suspicious connections)
- Insider threat investigation (data theft, USB misuse)
- Malware analysis (cryptominers, backdoors)
- Supply chain attack response
- Cloud security incidents (AWS compromise)
- SIEM rule creation and tuning
- Threat intelligence integration
- Behavioral baseline analysis

## How the Lab Works

### Getting Started

1. Open the main challenge file (`soc-ctf.html`) in your browser
2. Use a **private/incognito window** if you want to start fresh (progress is saved in the browser)
3. Read the scenario and simulation panel for each mission

### Playing the Challenge

- **Answer all 5 tasks** in each mission to complete it
- Each task **validates before unlocking** the next task
- When you complete all 5 tasks in a mission, you'll receive a **mission flag**
- Copy the flag when the mission completes (you'll need it for verification)
- **Progress is automatically saved** in your browser's localStorage (`socCtfProgress_v2`)

### Scoring System (v2)

The lab uses an XP (experience points) system to reward skill and penalize guesswork:

| Action | Effect |
|--------|--------|
| Correct answer (first try) | Full task XP + bonus |
| Use a hint | −30 XP (permanent for that task) |
| Wrong answer | −15 XP per attempt (max 3 penalties per task = −45 max) |
| Complete all 5 tasks in a mission | +250 XP mission bonus |

**Maximum possible score: 9,500 XP** (perfect run with no hints or wrong answers)

**Scoring Breakdown:**

- 50 tasks × varying XP (100–180 per task) = **7,000 XP**
- 10 mission bonuses × 250 XP = **2,500 XP**
- **Total: 9,500 XP**

### Hint System (v2)

- Each task has a **Hint (−30 XP) button** if you're stuck
- Hints provide contextual clues but cost 30 XP
- Hint usage is **saved permanently** for that task (`hintUsed: true`)
- **Points are calculated once** on first correct submission
- Re-answering cannot restore points (`pointsAwarded` locked after completion)
- Use hints strategically when you're truly stuck

### Wrong Answer Penalties (v2)

- Each wrong attempt: **−15 XP**
- Maximum 3 wrong attempts penalized per task (= −45 XP max per task)
- Feedback shows remaining XP possible for that task
- Penalties are **locked into final score**, not refunded later

### Victory Screen (v2)

After completing all 10 missions:

- **Congratulations overlay** shows your total score
- Displays **total XP earned**
- Shows **max possible (9,500 XP)** and your **percentage**

### Resetting Progress

To start over:

- Open the lab in a **private/incognito browser window**, OR
- Clear your browser's localStorage (key: `socCtfProgress_v2`)

## What You'll Learn

By completing this lab, you'll gain hands-on experience with:

- ✅ **Incident Response** - Investigating security incidents step-by-step
- ✅ **Threat Detection** - Identifying indicators of compromise (IOCs)
- ✅ **SIEM Skills** - Creating correlation rules, tuning alerts, building use cases
- ✅ **Forensic Analysis** - Analyzing logs, processes, and network traffic
- ✅ **Cloud Security** - AWS incident response and security group misconfigurations
- ✅ **Risk Mitigation** - Recommending appropriate containment and remediation actions

## How to Use This Lab

### For Students:

1. **Clone or download** this repository
2. **Open** `soc-ctf.html` in your web browser (double-click the file)
3. **Start the challenge** - no installation needed!
4. **Read** each mission scenario carefully
5. **Think like a SOC analyst** - what would you investigate next?
6. **Submit answers** based on the scenario evidence
7. **Use hints wisely** if you're stuck (but they cost XP)
8. **Track your flags** - each mission gives you a flag upon completion
9. **Check your score** on the victory screen after completing all missions

### Tips for Success:

- 🔍 **Read scenarios thoroughly** - key details are in the text
- 📊 **Think about the attack chain** - what happened before/after?
- 🎯 **Consider the stakeholder perspective** - what does the manager/team need?
- 🛡️ **Prioritize containment** - what stops the threat fastest?
- 📝 **Document your reasoning** - even if not required, it helps thinking
- 💡 **Use hints strategically** - only when truly stuck (costs 30 XP)
- ⚠️ **Avoid wrong answers** - each costs 15 XP (max 3 per task)

## Learning Objectives

This lab aligns with SOC Level 1/Junior Analyst competencies:

- Identify suspicious activity from scenario descriptions
- Recommend appropriate incident response actions
- Understand SIEM correlation and alert tuning concepts
- Recognize common attack patterns (insider threat, malware, supply chain)
- Apply cloud security incident response principles
- Balance detection accuracy with operational efficiency

## Assessment

This lab is designed for:

- **Self-paced learning** - track your own progress
- **Classroom labs** - instructor can verify completion via flags
- **Interview preparation** - practice SOC-style scenario questions
- **Skill assessment** - XP score reflects both accuracy and efficiency

## Important Notes

- ⚠️ **No external resources needed** - All information is in the scenario
- ⚠️ **No programming required** - This is a conceptual/decision-making lab
- ⚠️ **Browser-based** - Works on any modern browser (Chrome, Firefox, Edge, Safari)
- ⚠️ **No server required** - Everything runs locally in your browser
- ⚠️ **Progress saved automatically** - Uses localStorage (`socCtfProgress_v2`)

## Ready to Start?

**Download the repository**, open `soc-ctf.html` in your browser, and begin Mission 1!

Good luck, future SOC analyst! 🎯🔐

*This lab is designed for educational purposes. Flags and scoring are for learning verification only.*

*Version 2.0 - May 2026*
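The scoring, hint and wrong-answer rules above, as an added example that is not the lab's own code: a small JavaScript model of the v2 rules that locks the award on the first correct submission and caps wrong-answer penalties at three per task. The progress-record shape, field names and sample task are assumptions, not the lab's actual `socCtfProgress_v2` format.

```javascript
// Added example (not the lab's own code): a reference model of the v2 scoring
// rules in the README. The progress-object shape is an assumption, not the
// real socCtfProgress_v2 record.
const HINT_PENALTY = 30, WRONG_PENALTY = 15, MAX_WRONG_PENALTIES = 3;
const MISSION_BONUS = 250, TASKS_PER_MISSION = 5, MAX_SCORE = 9500;

// XP a task is worth once solved: base XP minus the permanent hint cost and
// at most three wrong-answer penalties (−45 XP cap), never below zero.
function taskScore(task) {
  const hint = task.hintUsed ? HINT_PENALTY : 0;
  const wrong = Math.min(task.wrongAttempts, MAX_WRONG_PENALTIES) * WRONG_PENALTY;
  return Math.max(0, task.baseXp - hint - wrong);
}

// Submit an answer. The award is computed once, on the first correct
// submission, and locked: re-answering returns the task unchanged.
function submitAnswer(task, answer) {
  if (task.pointsAwarded !== null) return task;
  if (answer === task.expected) return { ...task, pointsAwarded: taskScore(task) };
  return { ...task, wrongAttempts: task.wrongAttempts + 1 };
}

// Mission total: locked task awards plus the +250 bonus only when all 5 tasks
// of the mission are complete.
function missionScore(mission) {
  const awarded = mission.tasks.reduce((s, t) => s + (t.pointsAwarded ?? 0), 0);
  const complete = mission.tasks.length === TASKS_PER_MISSION &&
    mission.tasks.every((t) => t.pointsAwarded !== null);
  return awarded + (complete ? MISSION_BONUS : 0);
}

function totalScore(progress) {
  return progress.missions.reduce((s, m) => s + missionScore(m), 0);
}

// Victory-screen percentage against the 9,500 XP maximum, one decimal place.
function percentScore(total) {
  return Math.round((total / MAX_SCORE) * 1000) / 10;
}

// Constructed sample task (not from the lab): solved after one hint and four
// wrong tries, so only three penalties count: 100 - 30 - 45 = 25 XP.
function sampleTask() {
  let t = { baseXp: 100, expected: 'isolate host', hintUsed: true,
            wrongAttempts: 0, pointsAwarded: null };
  for (const a of ['reboot', 'ignore', 'reimage', 'block ip']) t = submitAnswer(t, a);
  return submitAnswer(t, 'isolate host');
}
```

Because the real lab keeps this state in the browser's localStorage, the score and flags verify learning rather than integrity: anything stored client-side can be edited by the user, which is why the README limits flags to learning verification.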