CTFs & Labs

This page will serve as a curated list of helpful DFIR related CTFs and Labs.

TitleDeveloperTypeCategoryRelease Year
IR003: Stealthy Network Breach and EscalationBlue Cape SecurityLabNetwork Intrustion2025
IR002: Operation Red EchoBlue Cape SecurityLabNetwork Intrustion2025
IR001: Operation Quiet TunnelBlue Cape SecurityLabRansomware2025
FOR004: Suspicious LogonsBlue Cape SecurityLabEndpoint Forensics2025
FOR003: Unauthorized AccessBlue Cape SecurityLabEndpoint Forensics2025
FOR002: Suspicious Network ConnectionsBlue Cape SecurityLabEndpoint Forensics2025
FOR001: Disgruntled Manager’s ExodusBlue Cape SecurityLabEndpoint Forensics2025
BlackSuit Ransomware - Private Case #29354The DFIR ReportLabRansomware2024
Backdoors and LockBit - Private Case #27138The DFIR ReportLabRansomware2024
LockBit Ransomware - Private Case #27244The DFIR ReportLabRansomware2024
DFIR Labs CTFThe DFIR ReportCTFVarious2024 - Present
Dagon Locker Ransomware - Private Case #23825The DFIR ReportLabRansomware2024
Qbot Leads to Domain Compromise - Private Case #27101The DFIR ReportLabNetwork Intrustion2024
NetSupport Intrusion Results in Domain Compromise - Public Case #19438The DFIR ReportLabNetwork Intrustion2024
A Truly Graceful Wipe Out - Public Case #21619The DFIR ReportLabNetwork Intrustion2024
ALPHV Ransomware - Public Case #24952The DFIR ReportLabRansomware2024
BlueSky Ransomware - Public Case #19208The DFIR ReportLabRansomware2024
Elpaco-Team Ransomware - Public Case #30043The DFIR ReportLabRansomware2025
Mud In The Water - Private Case #29823The DFIR ReportLabNetwork Intrustion2025
RansomHub Leads to Domain Compromise – Private Case #33490The DFIR ReportLabRansomware2025
Husky CorpXINTRALabAPT2024
Waifu UniversityXINTRALabRansomware2024
Assassin KittyXINTRALabAPT2024
Virus VipersXINTRALabAPT2024
Linux Forensic CasesAli HadiLabEndpoint Forensics2024
Unallocated Disk Space #01 - Investigation Case 1Ali HadiLabEndpoint Forensics2024
Memory Forensics #01 - RansomCare Investigation Case 1Ali HadiLabMemory Forensics2024
Challenge #11 - Where Did Administrator Go?Ali HadiLabEndpoint Forensics2024
Challenge #10 - Meeting Location CaseAli HadiLabEndpoint Forensics2023
Challenge #9 - Encrypt Them All CaseAli HadiLabEndpoint Forensics2023
Challenge #8 - NTFS File System CaseAli HadiLabEndpoint Forensics2023
Challenge #7 - SysInternals CaseAli HadiLabEndpoint Forensics2022
Challenge #6 - Browser Policy Violation CaseAli HadiLabEndpoint Forensics2021
Challenge #5 - BSides Amman 2021 2nd Edition / Windows Forensics Workshop CaseAli HadiLabEndpoint Forensics2021
Case 002 - Hudak's HoneypotDFIR MadnessLabVarious2021
LetsDefendLetsDefendCTFVarious2021
Mini Memory CTF - A Memory Forensics Challenge13CubedLabMemory Forensics2020
MemLabsAbhiram Kumar PatiballaCTFMemory Forensics2020
Challenge #4 - Launching Attacks from Alternate Data StreamsAli HadiLabEndpoint Forensics2020
Challenge #3 - Mystery Hacked SystemAli HadiLabEndpoint Forensics2020
Challenge #2 - User Policy Violation CaseAli HadiLabEndpoint Forensics2020
Challenge #1 - Web Server CaseAli HadiLabVarious2020
Blue Team Labs OnlineBlue Team Labs OnlineCTFVarious2020
CyberDefendersCyberDefendersCTFVarious2020
Case 001 - The Case of the Stolen Szechuan SauceDFIR MadnessLabVarious2020
Pulling Threads13CubedLabMemory Forensics2019
2019 TuckDigital CorporaLabEndpoint Forensics2019
2019 OwlDigital CorporaLabVarious2019
2019 NarcosDigital CorporaLabVarious2019
TryHackMeTryHackMeCTFVarious2019
2018 Lone Wolf ScenarioDigital CorporaLabVarious2018
HackTheBoxHackTheBoxCTFVarious2017
2012 National Gallery DC AttackDigital CorporaLabVarious2012
2009 M57-Patents ScenarioDigital CorporaLabVarious2009
2008 Nitroba University Harassment ScenarioDigital CorporaLabNetwork Forensics2008
2008 M57-JeanDigital CorporaLabEndpoint Forensics2008