Event Challenges

Once joined in an event, visit the event challenges page to see the list of challenges.

ThreatSims challenges are usually grouped into series of challenges that are related to each other.

Each challenge series is delivered through a specific challenge type:

• Downloadable Challenge: A challenge that is delivered through a downloadable file.
• Container Challenge: A challenge that is hosted in a remote docker container.
• Machine Challenge: A challenge that is hosted on a remote virtual machine.

Downloadable Challenges

Here’s what a typical challenge series of a downloadable challenge looks like:

Here is a quick summary of all the information listed here:

1. The challenge series is called “Fallen Diagnosis” and has four challenges (4 flags).
2. Each challenge is tagged “forensics”, so the challenge involve forensic analysis.
3. Solving each challenge will add 20 points to your score.
4. The challenges contain the badge “unsolved”, so they are yet to be solved by you or your teammates.
5. There is a download button beside the series name, allowing you to download the challenge files.

Select a challenge to view more details about it:

As you can see, the challenge problem and necessary information is provided in the description. If a challenge requires you to interact with a remote host, it will be specified in the description.

A flag format may or may not be specified in the description. Unless specified, try submitting your answer directly as a flag.

Container Challenges

A Container Challenge is a challenge that requires you to interact with a remote address on the internet to solve the challenge.

The remote address can be an HTTP link, TCP connection address, or hostname. Here’s what a typical Container Challenge series looks like:

To get the remote address, click the power button beside the series name. A new modal will be displayed to spawn a container:

Click the Spawn container button. It can take up to a minute for the container to be created in the cloud. Once created, the remote address will be displayed like the following:

Some important details about containers:

• A container is unique for your team and shared between all team members.
• Any member of your team can start and stop a container.
• The active container limit indicates that your team has X / N containers, where N is the maximum number of active containers allowed.
• If the maximum number of active containers is reached, turn off any other challenge container not being worked on by your team to free up the limit.
• A container will stay active for a limited amount of time before expiring. Once expires, you can start the container again.
• If you solve all the flags of a challenge series, the container will automatically terminate.
• If a container becomes unresponsive, you can terminate and spawn a new container.

Machine Challenges

A Machine Challenge is a form of challenge where the entire host is in scope and may contain services on various ports you can interact with to solve the challenge. It’s also sometimes referred to as a boot2root challenge, where you start by booting the machine and exploit till you get root privileges.

ThreatSims provides private event labs to spawn such machine challenges. The lab is accessible to all the team members. Each member of your team has to generate their own OpenVPN config to connect to the lab.

More on the event labs can be found in the Event Labs page.

Similar to container challenges, you can spawn a machine challenge by clicking the power button beside the series name.