| Category | Name | Description | Difficulty [⭐⭐⭐⭐⭐] |
|---|---|---|---|
| Threat Intelligence | 1: The Card | Holmes receives a breadcrumb from Dr. Nicole Vale - fragments from a string of cyber incidents across Cogwork-1. Each lead ends the same way: a digital calling card signed JM. | ⭐⭐ |
| SOC | 2: The Watchman's Residue | With help from D.I. Lestrade, Holmes acquires logs from a compromised MSP connected to the city’s financial core. The MSP’s AI servicedesk bot looks to have been manipulated into leaking remote access keys - an old trick of Moriarty’s. | ⭐⭐⭐ |
| DFIR | 3: The Enduring Echo | LeStrade passes a disk image artifacts to Watson. It's one of the identified breach points, now showing abnormal CPU activity and anomalies in process logs. | ⭐⭐ |
| DFIR | 4: The Tunnel Without Walls | A memory dump from a connected Linux machine reveals covert network connections, fake services, and unusual redirects. Holmes investigates further to uncover how the attacker is manipulating the entire network! | ⭐⭐⭐⭐ |
| Malware Analysis | 5: The Payload | With the malware extracted, Holmes inspects its logic. The strain spreads silently across the entire network. Its goal? Not destruction-but something more persistent…friends. | ⭐⭐⭐⭐ |