Blue Team Proving Ground

Prove your
instincts.

Timed investigations across SOC, CTI and DFIR. Real telemetry, real artifacts, one arena. Your skills — measured, scored, and sharpened.

Investigation Tools
Real tools. Real investigation.

Analysts work in the same environments they'd use on the job.

SOC
SIEM
A live console loaded with the scenario's own telemetry — authentication events, process execution, network flows and endpoint logs. Analysts search and filter across sources, correlate events into a coherent story, pivot from one indicator to the next, and separate the real intrusion from the noise around it.
CTI
CTI Platform
A threat-intelligence workbench for turning raw indicators into judgement. Look up addresses, domains and file hashes; read sandbox verdicts and malware context; attribute activity to known tradecraft; and map what you're seeing to adversary techniques so the response can be aimed, not guessed.
DFIR
Forensic VM
A dedicated forensic workstation holding evidence from the compromised hosts. Examine disk and memory, recover deleted and hidden artifacts, trace persistence and lateral movement, and reconstruct the attacker's timeline from what they left behind.
Get Started
Ready to Begin?

Register as a player to participate in the next assessment, or contact the Assessment Lead for reviewer access.