Sherlocks User Guide
Diablo avatar
Written by Diablo
Updated over a week ago

Sherlocks serve as defensive investigatory scenarios designed to provide hands-on practice in replicating real-life cases. Players engage in a captivating narrative of a fictional scenario, tackling various obstacles to sharpen their defensive abilities. Sherlocks are intricately woven into a dynamic simulated corporate setting, elevating the overall learning journey.

Sherlocks Overview

From your Dedicated lab space, you can find the Sherlocks added by your admin.

They will be marked with the blue Defensive icon.

A Sherlock can fit into one of these categories:

  • DFIR

  • SOC

  • Malware Analysis

  • Threat Hunting

  • Threat Intelligence

  • Cloud

And with the difficulty of Easy, Medium, Hard, and Insane.

From the Dedicated Lab page, you can also keep track of how many questions you have solved for each Sherlock.

Upon clicking the VIEW button, you will be directed to the Sherlock page, where you will encounter three panels:

  • Play Sherlock: This is the main page that allows you to actively engage with the challenge and submit your answers.

  • About: In this panel, you will find a concise description of the challenge and the intriguing story that accompanies it. Gain insights into the background and context surrounding the Sherlock.

  • Activity: Within this panel, you can track the activity of your fellow teammates on the particular Sherlock challenge and stay updated on their progress

Playing Sherlocks

Presented with artifacts and supporting material, you are tasked to answer the series of questions based on your investigation.

After downloading the resources and examining them, you can start submitting answers.

The ZIP password for the resources is hacktheblue

Please be aware that Sherlocks may include real malware that requires careful handling.

  1. Mandatory Readme File: Each downloadable artifact will include a readme file that you must read thoroughly before proceeding with the exercise. This file contains vital instructions and precautions to ensure your safety throughout the experience.

  2. Explicit Warning: We want to emphasize that the files you download may contain malicious code. We strongly encourage you to employ a Virtual Machine (VM) when interacting with these artifacts. Using a VM provides an additional layer of protection for your system, preventing any potential harm.

Certain instances of Sherlocks are deployable machines. You must establish a connection by utilizing either the VPN file or Pwnbox. Afterward, SSH into the machine using the provided credentials to discover the artifacts necessary for the investigation within the system.

Once all answers are correctly submitted, you complete the Sherlock and get the designated points.


Each Sherlock will offer points on completion similar to how Machines offer points on completion :

Easy: 20 points

Medium: 30 points

Hard: 40 points

Insane: 50 points

Playing Modes

There are multiple playing modes for Sherlocks :

  • Linear: Answering an investigatory question successfully unlocks the next.

  • Free-flow: All investigatory questions are available to answer in any order you like.

Skill Progression

You can also check the skill progression for the Sherlocks separately from your Dedicated Lab dashboard:

For more information on the Enterprise Platform, visit our Enterprise Help Center:

Did this answer your question?