Capture the Flag: A Cybersecurity Challenge with Cado

Written by Calum Hall | Mar 17, 2025 9:00:00 AM

Capture the Flag (CTF) challenges have long been a cornerstone in cybersecurity training, offering professionals a dynamic environment to hone their skills. At Cado Security, we've enhanced this experience by crafting CTF events that immerse participants in real-world cloud security scenarios, discovered by the Cado Security Labs Team, such as DIICOT and Commando Cat.

Immersive Hands-On Experience

Our CTFs are designed to provide hands-on experience, allowing participants to:

Utilize Cado Platform Tools: Engage directly with the Cado Platform to streamline investigation and response processes in cloud-based incidents. This practical application ensures that participants can efficiently navigate and utilize our tools in real-world situations.
Explore AWS EC2 Compromises: Delve into the tactics employed by threat actors to compromise AWS EC2 instances. Participants investigate real-world malware strains, such as Diicot (formerly Mexals), first discovered by Cado Security Labs in June 2023. This exploration provides a deep understanding of vulnerabilities and attack vectors specific to AWS environments.
Refine Investigation Skills: Learn and apply best practices for identifying the root cause and scope of cloud-based incidents. Our challenges are based on real-world scenarios, offering participants the opportunity to enhance their investigative techniques in a controlled environment.

DIICOT: An Emerging Threat in Focus

Most recently, Cado Security hosted a Capture the Flag (CTF) event centered on DIICOT, an emerging Romanian threat actor, which was previously investigated by Cado Security Labs. This showcased a multifaceted attack methodology. From self-propagating initial access tools to cryptojacking and deploying Mirai-based botnet agents, demonstrating versatility and adaptability in its malicious operations (thus allowing participants to see first hand how the platform simplifies complex forensic investigations in cloud environments), this event offered cybersecurity professionals an opportunity to experience the Cado platform in action.

Example modified UPX header from DIICOT campaign

Cado Security's CTF challenges are more than just competitions; they are comprehensive learning experiences designed to equip cybersecurity professionals with the skills and knowledge necessary to tackle modern cloud security threats. By participating, you'll not only test your current abilities but also expand your expertise in cloud forensics and incident response.

Exploring the Cado Platform: Real-World Threats, Real-Time Analysis

The event started with an overview of the Cado Platform’s core features, followed by a hands-on demonstration. Participants were then given access to the Cado Platform to investigate the CTF’s DIICOT-themed challenges. By using the platform’s powerful analysis capabilities, participants uncovered indicators of compromise, tracked tactics used by DIICOT, and experienced how the Cado Platform supports fast, efficient investigations.

The Cado Platform

Throughout the session, the Cado team was on hand to provide support, offer guidance on the platform’s advanced forensic capabilities, and address any participant questions. This CTF was an opportunity for participants to see how the Cado platform works with real-life threat data, showcasing how it can streamline investigations and enable teams to respond to advanced threats in cloud environments, asking questions such as:

Where were the additional payloads saved?
What MITRE ATT&CK Defense Evasion techniques were used?
What is the domain name of the Voice/Communications platform used for C2?

Stay tuned to our blog and official channels for updates on future public CTF events and opportunities to engage with both the Cado Platform and the wider Cado community.

Interested in a CTF Challenge just for your organization? Learn more here.

View full post