AC-Hunter CTF Challenge

Welcome to the AC-Hunter CTF Challenge!

Below are instructions for accessing the AC-Hunter CTF environment and AC-Hunter CTF instance.

Please read before starting the challenge.

Challenge Details

In this Capture The Flag challenge, you’ll use a read-only version of AC-Hunter to answer a series of threat hunting questions. Each answer has a point value of 10 or 15. You can use your collected points to receive hints to answer questions you may need help with.


Good luck and have fun!

Getting Started

Complete the following steps to create an account at the CTF environment:

  • Step 1: Access the CTF space here:
  • Step 2: Click “Register” on the right-hand side of the main menu bar
  • Step 3: Create an account to access the CTF questions


Once you finish creating your account, you should see the Challenges screen like this:

The series of CTF questions correspond with the “dnscat2-ja3-strobe” dataset in AC-Hunter. Follow the steps below to access the AC-Hunter instance before attempting to answer any questions.

AC-Hunter CTF Instance

This version of AC-Hunter is read-only to prevent accidental edits or whitelist entries, so some normally available features have been disabled.

Use the following information to log in to the read-only version of AC-Hunter:


Once logged in, you will need to select a dataset. For this CTF, you will use dataset dnscat2-ja3-strobe (highlighted in red below).

First, select “dnscat2-ja3-strobe” and click “Confirm” in the lower right-hand corner:

Once you have selected the dataset and clicked “Confirm”, it will bring you to the AC-Hunter dashboard screen with the selected dataset data loaded:

Switching Datasets

The series of CTF questions corresponds with the dnscat2-ja3-strobe dataset in AC-Hunter.

To switch between datasets and access the AC-Hunter settings: From the Dashboard, click the gear icon (circled in green below) on the upper-right-hand side of the dashboard:

In the Database section of the AC-Hunter Settings screen, choose the new dataset and click Confirm in the bottom-right corner:

AC-Hunter CTF User Guide

To learn more about navigating and identifying threats using AC-Hunter, refer to this simplified user guide for use with this CTF.



  • Play around! Check out all of the features in AC-Hunter and have some fun getting used to the interface
  • All available datasets in AC-Hunter (for the CTF and the others) have several compromised hosts for your threat hunting pleasure 🙂
  • This version of AC-Hunter is set to read-only to prevent any accidental edits or whitelist entries, so some normally available features have been disabled
  • Feel free to choose any of the other sample datasets in AC-Hunter, put on your Threat Hunter hat, and see if you can find other compromised hosts in the other sample datasets for fun


If you need help or have questions, you can reach out to us in our Discord Threat Hunter Community or email us your question directly.

Fun Thing to Try:

In the AC-Hunter Settings menu item “Themes” you can switch between “Game Mode” and “DaVinci Mode” themes:

If you’ve enjoyed using AC-Hunter and are looking for more information:

Active Countermeasures Posts Related to Threat Hunting: