SentinelOne CTF: Siren Song
Event Overview
SentinelOne delivers a unified, AI-powered platform for endpoint protection, detection, and response. The Singularity Operations Center gives security teams real-time visibility, autonomous remediation, and deep threat context—all from a single console. In this Capture the Flag (CTF) challenge, you'll step into the role of a cyber defender and use SentinelOne's Singularity platform to investigate and respond to a ransomware attack. This interactive experience offers a hands-on opportunity to apply core blue team skills while exploring SentinelOne’s capabilities in a dynamic, threat-rich environment.
Primary tools utilized within the game:
🔹 SentinelOne Singularity Operations Center (EDR/XDR & incident response)
What to expect
- Experience a guided emulation with an interactive, video-driven storyline
- Investigate and respond using SentinelOne’s Singularity Operations Center
- Analyze attacker behavior, detect lateral movement, and isolate infected endpoints
- Test your response speed and blue team coordination under pressure
Goals and Objectives
Using any means necessary, your team (3-4 players) will have eight hours to detect, investigate, and respond to an emulated ransomware incident. You’ll use SentinelOne’s Singularity platform to identify affected hosts, uncover attacker behavior, and contain the threat. Points will be awarded based on successful detection, analysis, and remediation activities.
Additional Tools & Resources
🔹 Basic command-line familiarity: bash, cmd, and PowerShell
🔹 Security analysis fundamentals: log analysis, detection of malicious TTPs
🔹 OS internals knowledge (Windows & Linux)
🔹 Virtual Cloud Orchestration and Administration: vCenter
🔹 Intro-level reverse engineering: Ghidra, IDA Free
🔹 Steganography and Decoding: CyberChef, Python
Who should attend?
This event is ideal for Blue Team practitioners, SOC analysts, IR specialists, and anyone evaluating SentinelOne’s capabilities in real-world scenarios. Whether you're new to SentinelOne or looking to sharpen your use of its platform, this hands-on challenge will deepen your incident response skill set.
Perfect for:
✔ Security analysts, engineers, and incident responders
✔ Cyber teams seeking realistic hands-on EDR/XDR training
✔ Organizations assessing or onboarding SentinelOne
✔ Teams who want to improve blue team coordination and threat visibility