2025-10-30 – Workshop
In this Halloween-themed dataset, you will investigate a cyber incident inspired by a real-world threat actor. Your goal? Finding out what happened and how, building a timeline, and collecting IOCs. All from the comfort of your browser, using Azure Data Explorer (ADX) and the Kusto Query Language (KQL).
Curious about the blue side of cybersecurity? Enjoying puzzles and detective games? Or in need of some exposure to the Kusto Query Language?
Welcome to this workshop that walks you through an incident-response-style investigation!
Starting off with a nugget of information, we will dive headfirst into the provided dataset on Azure Data Explorer. With carefully (or messily, I'm not one to judge) crafted KQL queries, we will trace the attacker's steps until we get the full picture, from reconnaissance to actions on objectives (yes, that's the Cyber Kill Chain).
Don't forget to take notes! At the end of the session, we will draw up a timeline of events and compile some IOCs in a table, two elements that are important in a report.
Worried about KQL being a new "language"? I will start off the session with a short intro and will provide you with a "cheatsheet" to help you along the way.
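As an added example (not part of the workshop material or the KC7 dataset), here is the shape of the KQL a participant ends up writing for the two deliverables named above: a merged timeline and an IOC table. The table names (AuthenticationEvents, OutboundNetworkEvents), their columns, the account name and the indicator domain are all assumptions chosen to look like a typical incident dataset, not the workshop's real schema or indicators.

```kusto
// Added example, not from the workshop: table and column names are assumptions,
// "attacker.example" is a placeholder indicator and "j.doe" a constructed account.
let suspect_domain = "attacker.example";
let suspect_user   = "j.doe";
// Outbound connections to the placeholder domain, reshaped into timeline rows.
let network = OutboundNetworkEvents
    | where url has suspect_domain
    | project timestamp, source = "network", actor = username,
              detail = strcat("GET ", url);
// Every logon for the same account, successful or not, in the same shape.
let logons = AuthenticationEvents
    | where username == suspect_user
    | project timestamp, source = "auth", actor = username,
              detail = strcat(result, " from ", src_ip);
// Stitch both sources into one chronological timeline.
network
| union logons
| sort by timestamp asc

// Second query (run separately): an IOC table for the account, with first and
// last sighting of each URL / source IP pair so the report can state a window.
OutboundNetworkEvents
| where username == "j.doe"
| summarize first_seen = min(timestamp), last_seen = max(timestamp), hits = count()
          by url, src_ip
| order by first_seen asc
```

In ADX the two queries are run one at a time; the `let`/`project`/`union` pattern in the first is what keeps a timeline readable once a third or fourth table (email, file events) is added, because every source is normalised to the same columns before being merged.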
Kellamity is a volunteer Threat Intel Content Lead at KC7. This free platform teaches concepts of incident response and threat hunting in a gamified way to everyone, from school students to career changers.
Coming from a literature and languages background, they started playing (quite obsessively) on KC7 at the beginning of 2024, and after quickly making it to the top of the leaderboard and helping others on Discord, they were invited to join the team. They accepted without hesitation, because giving back to the community is great, and creating new scenarios is fun!