Team Mint Security took part in BOTS, the BOSS of the SOC event, held in Helsinki on the 13th of March. BOSS of the SOC is a Capture-the-Flag (CTF) event built on Splunk, run against an environment containing a huge amount of data. Participants use Splunk to work through a variety of SOC-related questions and tasks.
BOTS is about the Blue Team
Unlike many other CTF events, BOSS of the SOC is about the Blue Team rather than the Red Team: you play on the defenders' side of the table, investigating various cyber attacks instead of carrying them out. As the event progresses, the questions and challenges become more and more complicated, and many external sources of information and tools must be used. A correct answer may be hidden in a binary attachment inside an SMTP stream. Of course you must first find the right SMTP stream…
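The trick alluded to above, pulling a binary attachment out of an SMTP stream, in working code. This is an added example, not code from the original post or from the Mint team: it assumes you have already exported the reassembled SMTP conversation as text (the sample stream below, the boundary `b1` and the file name `notes.bin` are constructed for illustration), strips the server replies and the RFC 5321 dot-stuffing from the DATA phase, and then decodes and hashes every MIME attachment so it can be searched or pivoted on.

```python
"""Extract and hash attachments from a reassembled SMTP stream.

Added example (not from the original post). The stream below is
constructed: both directions are interleaved, the way a "follow TCP
stream" export from a packet capture looks.
"""
import email
import hashlib
from email import policy

SAMPLE_STREAM = "\r\n".join([
    "220 mail.example.test ESMTP",
    "EHLO client.example.test",
    "250 mail.example.test",
    "MAIL FROM:<sender@example.test>",
    "250 2.1.0 Ok",
    "RCPT TO:<analyst@example.test>",
    "250 2.1.5 Ok",
    "DATA",
    "354 End data with <CR><LF>.<CR><LF>",
    "From: sender@example.test",
    "To: analyst@example.test",
    "Subject: invoice",
    "MIME-Version: 1.0",
    'Content-Type: multipart/mixed; boundary="b1"',
    "",
    "--b1",
    "Content-Type: text/plain",
    "",
    "Please see the attached file.",
    "..this line was dot-stuffed on the wire",
    "--b1",
    'Content-Type: application/octet-stream; name="notes.bin"',
    "Content-Transfer-Encoding: base64",
    'Content-Disposition: attachment; filename="notes.bin"',
    "",
    "aGVsbG8gd29ybGQ=",  # base64 of the constructed payload b"hello world"
    "--b1--",
    ".",
    "250 2.0.0 Ok: queued",
    "QUIT",
    "221 2.0.0 Bye",
]) + "\r\n"


def extract_messages(stream: str) -> list[str]:
    """Return the RFC 5322 message sent in each DATA phase of the stream.

    Server replies are dropped (only the 354 go-ahead can sit inside the
    DATA phase), the lone "." terminator ends the message, and the
    leading period of dot-stuffed lines is removed (RFC 5321 4.5.2).
    """
    messages, body = [], []
    in_data = awaiting_go_ahead = False
    for line in stream.split("\r\n"):
        if not in_data:
            if line.strip().upper() == "DATA":
                in_data, awaiting_go_ahead, body = True, True, []
            continue
        if awaiting_go_ahead:
            awaiting_go_ahead = False
            if line.startswith("354"):
                continue  # server's go-ahead, not part of the message
        if line == ".":
            messages.append("\r\n".join(body) + "\r\n")
            in_data = False
            continue
        body.append(line[1:] if line.startswith(".") else line)
    return messages


def extract_attachments(message: str) -> list[dict]:
    """Decode every MIME attachment and return its metadata, bytes and hash."""
    msg = email.message_from_string(message, policy=policy.default)
    found = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""  # undoes base64/qp
        found.append({
            "filename": part.get_filename(),
            "content_type": part.get_content_type(),
            "size": len(data),
            "sha256": hashlib.sha256(data).hexdigest(),
            "data": data,
        })
    return found


def analyze_stream(stream: str) -> list[dict]:
    """Convenience wrapper: all attachments carried in one SMTP stream."""
    return [a for m in extract_messages(stream) for a in extract_attachments(m)]


if __name__ == "__main__":
    for att in analyze_stream(SAMPLE_STREAM):
        print(att["filename"], att["content_type"], att["size"], att["sha256"])
```

The SHA-256 of the decoded bytes is what you would pivot on next (file-hash lookups, or a search over other events in the data set); searching the raw base64 text for a flag string would miss anything that straddles a line break in the encoded form, which is why the example decodes first.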
The Mint team consisted of Teemu, Saku, Putsi and Thomas. In the team, only Putsi had any previous CTF experience, and only Teemu and Thomas had experience with Splunk longer than "a couple of weeks". With typical Finnish modesty we arrived with a winning mindset, but when it turned out that there were a total of 14 registered teams, some of them even organized as primary and secondary teams, we had to back off just the slightest.