F5 CTF: Tempest
Event Overview
Whirlwind Wealth has suffered catastrophic damage following an F5 tornado hitting their primary data center. Luckily, they have a DR data center that all critical services have fallen back to. Unfortunately, the security state at the DR site is less than ideal, as updates and security patching often take place as an afterthought. Additionally, there are some well-known threat actors that target companies in similar situations. Your team is tasked with determining the current state of security on the critical web application and AI chat bot, determining whether any threat actors are already targeting the company, and implementing controls to prevent further attacks. Are you up to the task?
What to expect
- This Capture the Flag challenge has been meticulously crafted to emulate a real‑world breach. You’ll leverage F5 BIG‑IP Advanced WAF for application inspection, NGINX for securing APIs and app delivery, and F5 Distributed Cloud Services to harden workloads across hybrid environments.
- You’ll face web application exploits, API abuse, container compromises, and protocol anomalies. You’ll put your knowledge of F5 technologies — and your ability to defend a weakened DR environment under pressure — to the test.
Goals and Objectives
Using any means necessary, your team (3–4 players) has six hours to investigate your organization’s environment, identify compromised systems and attacker footholds, and defend critical applications and data against a sophisticated adversary campaign.
Additional tools utilized within the game:
🔷 F5 BIG‑IP Advanced WAF – web application firewall for application inspection and protection against exploits
🔷 F5 NGINX – application delivery and reverse proxy for securing modern apps and APIs
🔷 F5 Distributed Cloud Services – zero trust networking, DDoS mitigation, and app security across hybrid environments
Who should attend?
Teams seeking training on Blue Team tactics, SOC analysts, Incident Response specialists, Application Security Engineers, Infrastructure and Cloud Engineers, Cybersecurity Architects, and DevSecOps teams working with containers and APIs