Practice Briefing
Discord Challenges
Standalone Discord-based CTF practice set focused on OSINT, metadata tracing, and investigator workflow.
easy
Easy challenges
easy
challenge
The Academic Leak
🚨 The Investigation Academic exam papers from an Arabic university have been leaked online. Our investigation shows the leaker is obsessed with an Arabic paranormal TV series and actively discusses it on social media platforms. The suspect uses the same identity across multiple fan communities where they share theories and episode reviews about this paranormal show. They maintain consistent online behavior patterns that link their entertainment activities to their other digital presence. 🎯 Your Mission We suspect someone called "Ben" leaked academic exam papers online. Ben is a huge fan of an Arabic paranormal TV series and frequently discusses it on social media platforms and fan communities. Your job is to find Ben through his passion for this Arabic paranormal show and identify which specific exam papers he leaked.
easy
challenge
Missing cat and the seller
During a recent trip to Sydney, Australia, a pet owner’s cat went missing. Shortly after, the owner came across a surprising discovery – a photo of their cat had been posted for sale online by someone in the area. Your task is to locate the missing pet and identify the individual who put the cat up for sale. The investigation will require gathering information about the person behind it, and the goal is to reunite the owner with their cat and find the seller's email address. Important Note: DON'T INTERACT WITH ANY OF THE EMAILS OR CONTACT ANYTHING YOU FIND.
medium
Medium challenges
medium
challenge
Operation Luminous Stag: Decoding the Certificate Trail
A surge of Lumma Stealer infections has hit cryptocurrency communities. The malware’s latest variant, LummaC2, exfiltrates wallet seeds and browser cookies to a hidden command-and-control (C2) server. Your team intercepts a sample revealing that the C2 domain: References two concepts: one tied to the malware’s Latin-derived name (“light”) and another to a forest creature symbolizing stealth. Was registered via Cloudflare (AS13335) and first active on January 22, 2025. Uses a TLS certificate logged 24 hours pre-attack across multiple CT providers, with a Sectigo (formerly Comodo) entry showing a 1-second timestamp anomaly. The attackers likely rotated certificates rapidly to evade detection. Your mission: Find the critical Sectigo CT log entry tied to this domain to uncover linked infrastructure.
medium
challenge
Hunter: Last Known Venue
Our financial crimes unit has been tracking a suspected money launderer believed to be coordinating cash drops and shell-company payments through upscale meeting locations across Egypt. During a late-night surveillance operation, one of our field agents followed the suspect to what appeared to be a high-end venue and captured a single photo from a concealed camera. Before the agent could send a full report, contact with the suspect was lost. When the evidence was handed over, our Incident Response team found that the camera's storage card had been damaged. They were able to recover several image fragments, but most of the files were corrupted beyond use. One partially recovered image still appears to show the suspect's last known location. We need you to examine the corrupted image, identify the location in Egypt, and recover the exact name of the venue shown in the scene.