Challenge Creation
The CasinoLimit challenge consists of two networks of 4 vulnerable machines, creating 7 attack positions. It is designed to encourage a wide range of attack tactics and techniques. It was created using URSID from a set of chosen vulnerabilities.
CTF Competition
This challenge was proposed during the BzhCTF 2024 competition. During this event, 114 instances of the challenge were played. By replicating the scenario across multiple teams, we increase behavioral diversity and enable meaningful comparisons.
Labeling
The collected data is labeled using Manatee, a semi-automatic labeling tool based on MITRE ATT&CK techniques. It combines shell session analysis, network log propagation, and expert review to ensure high-quality labels on both system and network logs.
Analysis
The labeled data is analyzed comprehensively to extract insights and patterns. This includes pattern mining, visualization of attack techniques, and comparison across teams. The analysis helps identify common strategies, highlight rare behaviors, and enhance our understanding of attacker behavior. Potential biases in the dataset are also discussed.
Applications
Many applications of such datasets exist. These include attack classification, offensive model training, and anomaly detection in cybersecurity contexts. We highlight that players can be identified by their unique command-line habits in the vulnerable environment.