Show:
Overtime!
How We Do It
Stay Frosty
It Wasn't Me!
FTLC
100
IT = OSI


OT = ?
What is Purdue model?
100

Created by FIRST, these are designations used to ensure that sensitive information is shared with the correct audience.

What is Traffic Light Protocol?

100

Identifying and compromising specific, legitimate websites that are commonly visited by your target.

What is a watering hole attack?
100
While their name has its roots from a Japanese term for 'supernatural, god-of-death being', they infiltrated the website of our senate (PH) and exposed sensitive data of 31 government and private entities few years ago.

Who is DeathNote Hackers (DNH)?

100

Happens every 4 years that cuts rewards for ____ by 50%.

What is Halving?

200

2010, centrifuge, PLC, USB

What is Stuxnet?

200

An open signature format used for finding actions (logs), this specializes in detecting behaviors vs identifying artifacts.

What is a Sigma rule?

200

Instead of stealing a password, this attack involves 'pinning' a new digital certificate to a user's account to gain a permanent backdoor.

What is a Shadow Credentials attack?
200

Naming convention used by Mandiant for tracking clusters of related malicious activities coming from cyber criminal groups.

What is UNC?

200

Hardy Heron, Jaunty Jackalope, Lucid Lynx, Precise Pangolin.

What is Ubuntu?

300

Under level 1 of Purdue model, these equipment gather and forward data to a SCADA or PLC.

What is an RTU (Remote Terminal Unit)?
300

How much data can you afford to lose?

What is Recovery Point Objective (RPO)?

300

DoS that targets XML parsers. It doesn't rely on massive network traffic; instead it uses a very small file to crash a system by forcing it to consume massive amounts of memory and CPU.

What is Billion Laughs Attack?

300

Remix, Tracer, Helix, Static

What is _____-Kitten APT group?

300

A human judge engages in text-based, natural language conversations with a human and a machine. If the judge cannot tell which is which, the machine passes.

- 1950

What is Turing test?

400

2015, powergrid, BlackEnergy

CLUE: I'm looking for the country

What is Ukraine?

400

While "crown jewels" refer to what's most valuable, this is considered a crown jewel that is vulnerable or reachable by an attacker.

What is a Critically Exposed Asset (CEA)?

400

Wardriving is the process of tracking down and identifying signals like Wi-Fi, but this is going further to make literal graffiti where signals are found.

What is warchalking?

400

DarkSide compromised this entity last May 2021, which crippled the supply to consumers in the eastern seaboard of US.

Who is Colonial Pipeline?

400

Introduced by Anthropic late 2024, this answers the question on how to connect AI models to the data they need.

What is Model Context Protocol (MCP)?

500

To communicate with diverse industrial hardware without writing custom drivers for every device, most OT software uses this "middleman" standard, which has evolved from a COM-based version to a more secure "Unified Architecture."

What is OPC (Open Platform Communications)?

500

A noisy one recently, this framework bridges/binds the gap between Go backend and web-based frontend. 

What is Wails Framework?

500

These are replay attacks targetting TLS 1.3 and QUIC protocols where attackers intercept and resend "early data" packets such as HTTP POST requests.

What is 0-RTT attack?

500

They are famous for a "calling card" where they leave Shakespearean quotes or references to popular movies inside their code. 

CLUE: Maze

Who is the Lazarus group (or Labyrinth Chollima)?

500

Specific part of the neural network where the actual "learning" is stored. It is a numerical value that determines how much influence one neuron has on another.

What are weights (or parameters)?