Earning Criteria

• Flag 43 - Your team is tasked to investigate and find any potential evidence relating to the "home-away-from-home signaling units".
• Flag 44 - The intercepted message stated information about a possible implant that could affect specific processes of a plant, are any systems showing signs of this type of activity based on the intel already provided.
• Flag 45 - Technicians from the SERC Regional Station have reported more frequent events with power GENERATION issues, causing temporary blackouts and destruction of local power equipment. Identify what is causing this issue.
• Flag 46 - One of the power stations appears to be distributing electricity above the max allowable threshold to maintain the load balancing capabilities for the region, you have been tasked to validate the power production and distribution at the plant.
• Flag 48 - In order for the adversary to more easily coordinate their actions, it appears that they are monitoring our own systems. How is the adversary getting data from the region, in order to trigger follow-on events? It is your task to determine how data is leaking.
• Flag 49 - What protocol is used for terminal services within the nerc.energy.grid domain?
• Flag 50 - What is the name of the system monitoring the electric grid?
• Flag 51 - What does ICS stand for?
• Flag 52 - What is the system command to restart the following service?
• Flag 53 - You were notified that a technician had questions about how to monitor the electric grid. What is the URL for Nations Eye?
• Flag 54 - How do you view user account information, and can you find the associated flag?
• Flag 55 - How do you view processes on a system, and can you find the associated flag?
• Flag 56 - Your team needs to identify whether any of the power plants have issues concerning authentication, are there any accounts that pose an issue?
• Flag 57 - It has been reported that there is a rogue system being detected. You will not have access to this system; however, it appears to have placed hidden SECRETS that are hiding within the region.
• Flag 58 - The controller at the SERC power station appears to be malfunctioning causing power spikes, although local technicians cannot find any issues with the equipment.
• Flag 59 - The controller at the SERC power station appears to be malfunctioning causing power spikes, although local technicians cannot find any issues with the equipment.
• Flag 60 - U.S. Cyber Command was able to identify further message traffic related to an imminent attack on the electric grid. Find and mitigate the threat without breaking the station.
• Flag 61 - What Power Plant does this region collect data for, but is not able to manage via Terminal Access?
• Flag 63 - What port is being used to transfer all the power plant data to the Nations Eye monitoring system?
• Flag 64 - What is the name of the utility that the Power Plant Console is made from?
• Flag 65 - When reviewing the log data from the Power Plants, what message type shows ONLINE or OFFLINE?
• Flag 66 - Your team has mitigated several issues within the Nation's Power Grid. Ensure you review the knowledge portal and identify how to restore the baseline settings to power station to prevent cascading events.
• Flag 67 - Your team has been tasked with ensuring appropriate ports and protocols are being utilized. A manager in one of the regions was identified last quarter's report of violations for federal networking procedures.
• Flag 68 - Your team is tasked with verifying access across the electric grid systems, You need to ensure that there are no unauthorized or rogue accounts being utilized.
• Flag 69 - The automated backup log transfer for their power plant data was unsuccessful. This is needed in order to perform big data analysis from last quarters data. Identify where the backup logs are on the manager, and analyze them to determine why the transfer never occurred.
• Flag 70 - You have been notified that Cyber Command uncovered a portion of a malicious script that they believe is part of the final kill commands. They identified that the destination was somewhere within the region.
• Flag 71 - What distributed network protocol is currently being utilized within electrical companies?
• Flag 72 - What does HMI stand for?
• Flag 73 - Telnet was replaced by what secure program in order to provide more secure terminal services?
• Flag 74 - When it is time for Challenge 1 to be available a flag will be provided in a notification.  Enter the FLAG from notification to unlock Challenge 1.
• Flag 75 - When it is time for Challenge 2 to be available a flag will be provided in a notification.  Enter the FLAG from the notification to unlock Challenge 2.
• Flag 76 - When it is time for Challenge 3 to be available a flag will be provided in a notification.  Enter the FLAG from the notification to unlock Challenge 3.
• Flag 77 - A recently terminated domain administrator was found to have left several backdoors can you see if you can find one?
• Flag 78 - Sally Clemson a local department manager has reported she seems to have more rights than she should.
• Flag 79 - U.S. Cyber Command has received notice of traffic being sent to one of the power plants in the MRO Region.