AC-Hunter^™ CTF Challenge

AC-Hunter Simplified User Guide

To learn more about navigating and identifying threats using AC-Hunter, refer to this simplified user guide.

Notes

• Play around! Check out all of the features in AC-Hunter and have some fun getting used to the interface
• All available datasets in AC-Hunter (for the CTF and the others) have several compromised hosts for your threat hunting pleasure 🙂
• This version of AC-Hunter is set to read-only to prevent any accidental edits or whitelist entries, so some normally available features have been disabled
• Feel free to choose any of the other sample datasets in AC-Hunter, put on your Threat Hunter hat, and see if you can find other compromised hosts in the other sample datasets for fun

If you need help or have questions, you can reach out to us in our Discord Threat Hunter Community or email us your question directly.

Fun Thing to Try:

In the AC-Hunter Settings menu item “Themes” you can switch between “Game Mode” and “DaVinci Mode” themes:

AC-Hunter CTF Enviornment

This version of AC-Hunter is read-only to prevent accidental edits or whitelist entries, so some normally available features have been disabled.

Use the following information to log in to the read-only version of AC-Hunter:

• Web Link: https://ctf.aihhosted.com/
• Email: [email protected]
• Password: aW1hN6gI9eJ0kA7m

Once logged in, you will need to select a dataset. Once you have selected a dataset and clicked “Confirm”, it will bring you to the AC-Hunter dashboard screen with the selected dataset data loaded:

CTF Challenge Details

In this Capture The Flag challenge, you’ll use the read-only version of AC-Hunter to answer a series of threat hunting questions. Each answer has a point value of 10 or 15. You can use your collected points to receive hints to answer questions you may need help with.

For this CTF, you will use dataset dnscat2-ja3-strobe (highlighted in red below).

First, select “dnscat2-ja3-strobe” and click “Confirm” in the lower right-hand corner:

Once you have selected the dataset and clicked “Confirm”, it will bring you to the AC-Hunter dashboard screen with the selected dataset data loaded:

Good luck and have fun!

CTF Environment 

Complete the following steps to create an account at the CTF environment:

• Step 1: Access the CTF space here: https://achunter.ctfd.io/
• Step 2: Click “Register” on the right-hand side of the main menu bar
• Step 3: Create an account to access the CTF questions

Once you finish creating your account, you should see the Challenges screen like this:

The series of CTF questions correspond with the “dnscat2-ja3-strobe” dataset in AC-Hunter. Follow the steps below to access the AC-Hunter instance before attempting to answer any questions.