Secure Corporate Financial Systems (SCFS) Incident Briefing

The Secure Corporate Financial Systems (SCFS) Security Operations Center has detected irregular activity within the internal operations portal.

Preliminary investigation suggests that internal records, financial exports, and operational data may have been accessed in ways that bypass normal access controls.

Your team has been granted analyst-level access to investigate the environment, reconstruct the incident, and determine what security failures occurred.

Analyst Access

Username: ir_analyst
Password: Welcome2024!

SOC Portal:
https://portal.scfs-labs.com

Mission Objectives

Your team must investigate the environment and determine what happened.

Objectives include:

• Investigating the SCFS portal for potential vulnerabilities
• Identifying exposed operational records
• Discovering evidence of sensitive data exposure
• Determining whether persistence mechanisms have been left behind
• Thinking about how the discovered issues should be remediated

Each objective will reveal a flag in the format:

SCFS{example_flag}

Submit discovered flags through the challenge portal.

Rules of Engagement

• Stay within the provided challenge environment only
• Only interact with the SCFS portal and the CTF challenge platform
• Do not target the hosting infrastructure or underlying servers
• No denial-of-service attacks or brute-force flooding
• Do not intentionally modify or destroy data within the environment
• Do not attempt to attack other participants or external systems

Focus on investigation, analysis, and reasoning.

Exercise Philosophy

This workshop is designed as a learning and investigation exercise, not purely a competitive challenge.

Participants are encouraged to:

• Think like an incident responder
• Understand why the vulnerability exists
• Consider how the issue should be remediated
• Discuss findings and reasoning with teammates

Progress and reasoning are more important than speed.

Important Notes

• You do not need a real email address to register
• Accounts will be deleted after the event
• If something behaves unexpectedly, refresh or re-login before assuming it is part of the challenge

Investigation Mindset

Find the weakness.
Understand the impact.
Explain the fix.

"A king may move a man, but a wise man moves himself."