What is Andrew and Andrea's combined nickname?
(We love Star Wars)
AT-AT
Intruder tickets are known as what?
External Network Monitoring
CTI's biggest client
Reyes
Name all CTI products that get sent out on a scheduled basis.
(Think before you answer)
CA, Mini and monthly iDNA, 4+1, GTS.
This toolkit helps map out techniques and sub-techniques, as well as profile threat groups and associated TTPs.
MITRE ATT&CK
Where was the destination for Lydia's last Europe trip?
Iceland
What is generally the first thing that is done once a ticket is created?
Respond to customer or stop SLA
Name the 3 clients who don't actively use Jira i.e. they get their alerts via email.
Fubo does not count!
FTP, Provant, Reyes.
How many Flash Advisories were sent out in 2024?
32
Name 3 toolkits you would use to check the reputation of any domain or IP.
I'm not listing them all
How many cats does Katey now have?
3 but don't forget the turtles, giraffes, rabbits, and chickens.
What types of behaviors on social media might be considered malicious or fraudulent and have a ticket created for them? Hint: (There are 3)
Name 5 of CTI's "Operator" package clients
KGP, Leo, Provant, HubGroup, Compass, ICM, LineCo, SMS.
In what document can you find the support ticket POC, ticketing instructions, and client distribution list?
Products and Services Tracker
What less commonly used CTI toolkit allows you to search for vulnerabilities and exploits by vendor, product, or CVE?
Vulnerability Database (VulnDB)
Name 4 of the 5 leads' military jobs.
Andrew, Andrea, Katey, Gabe, Lydia.
Aviation Technician (Gabe)
Spanish linguist (Andrea)
Information Systems Technician (Katey)
Combo but Military Police 100% (Lydia)
Master at Arms (As Andrew says a dumb Cop)
Name 5 of the 7 data points we potentially see via CAIS tickets.
Name every client that receives an iDNA report.
Hint: (We added a new client last month)
Leopardo, Reyes x2, FTP, KGP, Provant, SMS.
What is the number of Threat Actors currently contained in the elastic V2 hacker tracker, rounded to the nearest 100?
1600
What previously used CTI toolkit is used as a search engine for Internet-connected devices or to scrape the IoT?
Shodan
At any one point, what was the max number of pets Andrea had?
1 million (Her apartment was a zoo). I believe it was 7.
What is the only way that KGP tickets are ticketed as high severity and the specific wording that should be associated with the ticket?
ONLY for @KGPCo domain CREDENTIALS, not vendors (Bluestream, KGPTel, etc.). All other tickets are informational. All comp creds are to be worded as "Potential Compromised Credentials"
There are 4 "ATO Prevention" Clients, name 3 of them.
Fusion92, GRP Wegman, Rotary Airlock, Townsend
Name 5 places internally where you could find info on a domain permutation that was already ticketed or discovered.
Jira queue, Admin record, CTI Internal Operations tracker, CTI mailbox, iDNA report.
This toolkit shows the average total cost of a ransomware attack based on sector and number of employees. It also has a variety of dashboards showing trends.
ZULU (ZSCALER)