SPHINX Capture the Flag Challenge

A hands-on training session was organised in which the pilot end-users worked with and tested components of the SPHINX Toolkit, mainly the Interactive Dashboard, Data Traffic Monitoring, Security Information and Event Management, and Vulnerability Assessment as a Service, in the context of Use Case 1.

This session was coordinated by SIMAVI, the leader of the training activities task of Task 8.6, and PDMFC, with the contribution of all technical partners. To provide the desired interactivity between end-users and the SPHINX Toolkit prototype, the training session was carried out as a Capture the Flag (CtF) Challenge event, using an online platform for cyber security competitions: CTFtime.org / All about CTF (Capture the Flag).

The SPHINX Capture the Flag Challenge took place on the 2nd of December 2021. The participants were representatives of the pilots and technical partners. The objective of the game was for the end-users to learn more about the SPHINX tools in an interactive and engaging way.

Following the introductory steps, the participants tried the CTF platform, familiarising themselves with the map (see below) and the types of missions, i.e. introduction, detection and vulnerabilities tracing.

 

CtF Challenge Map

Each mission consisted of several tasks to be completed. The “Introduction” mission, depicted in the figure below, had a low difficulty level and served as an example of how tasks should be completed and points won.

Introduction Mission

The next mission was “Detection”, in which the main components used were the Interactive Dashboard (ID) and Data Traffic Monitoring (DTM). Through the SPHINX ID component, the participants accessed the General dashboard and the DTM Dashboard and used their filtering functions to solve the task by finding keywords in the columns “Signature”, “IP” or “Severity level”.

General Dashboard snapshot

Detection Mission

Data Traffic Monitoring Dashboard

Another mission was “Vulnerabilities” (see snapshot below), for which the participants used SPHINX Toolkit components such as ID, DTM and VAaaS, and the “Vulnerability Assessment as a Service” dashboard. The task was to filter vulnerabilities by IP or CVSS score.

At the end of the SPHINX CTF Event, the participants received access to the SPHINX CTF platform to replay the missions and deepen their understanding.