Sherlocks release on Nov. 13th, 2023. Stay tuned!
Sherlocks serve as defensive investigatory scenarios designed to provide hands-on practice in replicating real-life cases. Players engage in a captivating narrative of a fictional scenario, tackling various obstacles to sharpen their defensive abilities. Sherlocks are intricately woven into a dynamic simulated corporate setting, elevating the overall learning journey.
Sherlocks Overview
You can access Sherlocks from the left-side panel. Clicking there will lead you to the Sherlocks home page:
There, you'll discover a list of All Sherlocks, Active Sherlocks, Retired Sherlocks, and Scheduled releases. Similar to Machines, new Sherlocks are introduced every few weeks, staying active for a period before retiring.
A Sherlock can fit into one of these categories:
DFIR
SOC
Malware Analysis
Threat Hunting
Threat Intelligence
Cloud
And with the difficulty of Easy, Medium, Hard, and Insane.
On the Sherlock page, you will encounter three panels:
Play Sherlock: This is the main page that allows you to actively engage with the challenge and submit your answers.
Sherlock Info: In this panel, you will find a concise description of the challenge and the intriguing story that accompanies it. Gain insights into the background and context surrounding the Sherlock.
Reviews: This space is dedicated to user reviews and comments on the Sherlock
Playing Sherlocks
Presented with artifacts and supporting material, you are tasked to answer the series of questions based on your investigation.
After downloading the resources and examining them, you can start submitting answers.
The ZIP password for the resources is hacktheblue
Please be aware that Sherlocks may include real malware that requires careful handling.
Mandatory Readme File: Each downloadable artifact will include a readme file that you must read thoroughly before proceeding with the exercise. This file contains vital instructions and precautions to ensure your safety throughout the experience.
Explicit Warning: We want to emphasize that the files you download may contain malicious code. We strongly encourage you to employ a Virtual Machine (VM) when interacting with these artifacts. Using a VM provides an additional layer of protection for your system, preventing any potential harm.
Once all answers are correctly submitted, you complete the Sherlock.
Playing Modes
There are multiple playing modes for Sherlocks :
Linear: Answering an investigatory question successfully unlocks the next.
Free-flow: All investigatory questions are available to answer in any order you like.