TLP - The Digital Forensics Podcast

Get involved in the exciting world of Digital Forensics and Incident Response with: Traffic Light Protocol. The Digital Forensics Podcast.

In each episode, we sit down with seasoned DFIR professionals, the blueteamers who work around the clock to investigate cyber intrusions. From data breaches to cyberattacks, they share firsthand accounts of some of the most intense investigations they've ever tackled, how they deal with burnout and the added pressure of cat and mouse while they learn about new attack chains.

All Episodes

TLP - The Digital Forensics Podcast

Episode 17 - Building a CTF

February 27, 2025 • Clint Marsden • Season 1 • Episode 17

Send us a text

So You Want to Build Your Own DFIR CTF?

Ever wanted to build your own Digital Forensics and Incident Response (DFIR) Capture the Flag (CTF) challenge but weren’t sure where to start? In this episode of Traffic Light Protocol, we share the how-to of CTF builders, making it easy for anyone—no pentesting skills required!

Today's episode includes:

Choosing Your CTF Theme – Using MITRE ATT&CK and APT tracking to craft a realistic attack scenario.
Setting Up the Lab – Spinning up a Windows VM, configuring Sysmon, and enabling forensic logging.
Running the Attack Simulations – Using Atomic Red Team to generate forensic artifacts.
Testing & Troubleshooting – Making sure your tests actually work before unleashing them on your team.
Building an Engaging Story – Crafting a compelling incident narrative that challenges analysts to think like investigators.

Resources mentioned in the podcast:

https://drive.google.com/drive/folders/1vF3y-OlsowjX9LUOi7ywDy8VgcfhWcUX?usp=sharing

People on this episode

Clint Marsden

Host

TLP - The Digital Forensics Podcast