Cyber RangeZscaler
Cyber Range

Zscaler CTF: Code Blue

Event Overview

Zscaler delivers a cloud‑native security platform to protect and enable modern organizations. This Capture the Flag event highlights core Zscaler technologies, giving you the chance to test your skills against real‑world threats. Tools Utilized in the game: 🔷 Zscaler Internet Access (ZIA) – secure web gateway, threat detection, and traffic inspection 🔷 Zscaler Private Access (ZPA) – zero trust access to internal applications You and your team defend Sea Cure Health, a healthcare organization under attack by the APT group SCRUBzero. Suspicious traffic, phishing lures, and SQL injection attempts threaten patient data. Your mission: investigate alerts, trace attacker actions, and use Zscaler technologies to stop exfiltration and secure critical systems.

What to expect

A sophisticated APT group known as SCRUBzero has infiltrated Sea Cure Health, a mid‑sized healthcare and research organization. With patient data at risk and suspicious traffic escalating, the company has enlisted your team to investigate, contain, and stop the attack before sensitive information is lost.
  • Explore a custom scenario based on Zscaler: This challenge has been meticulously crafted to emulate a real‑world breach, leveraging Zscaler Internet Access (ZIA), Zscaler Private Access (ZPA), and Data Protection tools to give you a realistic and demanding environment.
  • Test your skills: You’ll face phishing lures, command‑and‑control traffic, SQL injection attempts, and data exfiltration incidents that will put your knowledge of Zscaler technologies — and your ability to think like a Blue Team defender — to the test.

Goals and Objectives

Using any means necessary, your team (3–4 players) has four hours to investigate Sea Cure Health’s environment, identify compromised systems and attacker footholds, and defend the organization’s critical applications and patient data from SCRUBzero. Additional tools utilized within the game: 🔷 Wireshark 🔷 Ghidra

Who should attend?

Teams who need training on Blue Team tactics, SOC analysts, Incident Response specialists, Network and Cloud Security Engineers, Cybersecurity Engineers and Architects, and healthcare IT teams focused on protecting sensitive data. This CTF is also ideal for groups looking to up‑level their skill sets with Zscaler technologies and build stronger ways of working together under pressure.

Related content

ATC+

SASE - Zscaler Internet Access (ZIA)

Zscaler ZIA, or Zscaler Internet Access, is a cloud-based security solution that provides secure access to the internet for users and devices within an organization. It offers a comprehensive set of security features that protect against a wide range of threats, including malware, phishing and other cyber attacks. In this learning path, we will explore the Zscaler ZIA architecture as well as the configuration and validation of the many security components that ZIA provides. You will also learn about many administration options of the platform like Authentication, Analytics, Logging capabilities, Traffic forwarding options and many more.
Learning Path
Intermediate

Cyber Range - Initiation

Initiation is a Capture the Flag (CTF) lab meant to introduce you to the WWT Cyber Range platform and serve as a tutorial for future events. You will be introduced to the features and functionality as well as provided tips for success during future WWT Cyber Range CTFs. This lab will also allow you to test your access using the same platform we use for our live CTF events so you can make sure you will be ready on game day.
Advanced Configuration Lab
Fundamentals
2945 launches

Zscaler Zero Trust Lab

Zscaler is responsible for securing more than 400 of the Forbes Global 2000 companies. They provide security as a service delivered through a purpose-built, globally distributed platform. The focus of this lab is zero trust access utilizing a solution known as Zscaler Private Access (ZPA). ZPA is a cloud service that provides seamless, zero trust access to private applications running on public cloud or within the data center. With ZPA, applications don't need to be exposed to the internet, making them completely invisible to unauthorized users. This service enables the applications to connect to users via inside-out connectivity versus extending the network to them. It disrupts legacy approaches to remote access such as traditional VPN, establishing per-service dynamic encryption and trust evaluation.
Foundations Lab
Fundamentals
1075 launches