Blue Team Assessment Platform

Test Your Cyber
Defense Skills

CyberStrike Arena is a structured assessment platform for SOC, DFIR, and CTI analysts. Real scenarios. Real tools. Measurable results.

3
Departments
4
Roles
8h
Assessment
4
Attempts
Access Levels
Four Roles, One Platform

Every participant has a clearly defined role with tailored access and responsibilities.

๐ŸŽฏ
Player
Analysts who take the assessment, answering questions using real investigative tools.
Access to Kibana SIEM
Download DFIR VM (OVA)
CTI Workbench access
4 attempts per question
Self-registration
๐Ÿ”
Reviewer
SMEs who review scenarios and questions, providing structured feedback before the assessment.
Review scenarios + questions
Submit per-question feedback
Rate difficulty accuracy
Suggest improvements
Assigned by Lead
๐Ÿ“Š
Assessment Lead
Manages the full assessment lifecycle โ€” from scenario upload to running the live event.
Upload + edit scenarios
Start / pause / end runs
Trigger breaks
Live dashboard
Export reports (PDF + Excel)
โš™๏ธ
Admin
Full system control โ€” user management, platform configuration, and complete oversight.
All Lead capabilities
User activation/deactivation
Role assignment
System configuration
Full audit access
Investigation Tools
Real Tools. Real Investigation.

Players use the same tools they'd use in a real SOC, CTI, or DFIR role.

๐Ÿ”
Kibana SIEM
SOC
Live Elastic/Kibana instance pre-loaded with scenario-specific log data. Players write KQL queries to investigate alerts, hunt threats, and find evidence to answer SOC questions. Auto-login SSO โ€” no separate credentials.
๐Ÿง 
CTI Workbench
CTI
Custom-built threat intelligence platform with IOC enrichment, MITRE ATT&CK Navigator, threat actor profiles, and scenario-specific intelligence reports. All data is pre-loaded and curated for the scenario.
๐Ÿ’ป
DFIR Virtual Machine
DFIR
Downloadable OVA image of a pre-compromised Windows system. All forensic artifacts are pre-organized in C:\Evidence\. Tools pre-installed include PECmd, PEStudio, Autoruns, RegRipper, Event Log Explorer, and Volatility 3.
Methodology
Four-Phase Assessment Process

Structured phases ensure quality scenarios and accurate assessment results.

1
Scenario Review
Reviewers access the /review portal, read the full scenario with all questions, and experience a simulation of the player view. They submit structured per-question feedback to the Assessment Lead.
2
Scenario Refinement
The Lead reviews all feedback on the dashboard, refines scenarios and questions based on reviewer suggestions, and uploads the updated version for a second review cycle if needed.
3
Platform Demo
A demo run with a sample scenario familiarizes players with the platform, tools, and answer format requirements before the real assessment. Same platform, demo scenario flag enabled.
4
Live Assessment
The Lead starts the 8-hour timed assessment. Players work through questions using Kibana, the CTI Workbench, and the DFIR VM. Two lead-triggered breaks are available. The Lead monitors everything in real time.
Scoring System
Attempt-Based Scoring

Each question allows up to 4 attempts. Score decreases with each wrong attempt. Question locks on the 5th attempt or when time expires.

100%
Attempt 1
75%
Attempt 2
50%
Attempt 3
25%
Attempt 4
๐Ÿ”’
5th โ†’ Lock
Assessment Integrity
Built-in Assessment Integrity

Participants are informed of all monitoring measures in the rules acknowledgment before the assessment begins.

๐Ÿ“‹
Tab Switch Logging
Every tab switch is logged with timestamp. Players legitimately using tools will show expected patterns.
๐Ÿ”’
One Active Session
Each player can only be logged in on one device. A new login invalidates previous sessions.
๐Ÿ”€
Randomized Question Order
Each player receives questions in a different randomized order, preventing coordination.
โฑ๏ธ
Answer Timing Analysis
Suspiciously fast answers relative to question difficulty are flagged in the report.
๐Ÿ“‹
Clipboard Monitoring
Paste events are detected and logged. Copy shortcuts are disabled within the platform.
๐Ÿท๏ธ
Player Watermark
Player name and ID are embedded in the interface, making screenshots traceable.
Get Started
Ready to Begin?

Register as a player to participate in the next assessment, or contact the Assessment Lead for reviewer access.