🎤 MicDrop - Rubrik CTF at RSA

Event Overview

Take a break from RSA, assemble your team, and join us for an exciting in-person Capture the Flag (CTF) event! The MicDrop CTF will spotlight Rubrik Security Cloud's (RSC) powerful capabilities, showing how RSC empowers organizations with true cyber resiliency. Key features you'll experience hands-on include:

✅ Data Protection – Back up and recover files, databases, and VMs to ensure data availability and ransomware resilience.
✅ Data Threat Analytics – Detect and analyze potential threats using IOCs, YARA rules, and hashes.
✅ Cyber Recovery – Restore operations securely with automated, network-isolated recovery and perform forensic analysis.
✅ Data Security Posture – Monitor and reduce sensitive data exposure to strengthen security and ensure compliance.

This engaging, real-world ransomware scenario will demonstrate how RSC helps you protect, detect, and recover from cyber threats, all through an immersive, team-based CTF experience.

What to expect

Threat intel indicates that the APT known as the SpiceWorm team is targeting record labels with advanced ransomware campaigns. As a member of SAVE, you have been brought in to help Caladan Records prepare for, detect, contain, and recover from an imminent attack on their environment using Rubrik Security Cloud, and to master cyber resiliency.

Within the game, specific Blue Team tools have been provided to help you diagnose any malicious activity and vulnerabilities you may encounter. Below, you'll find a list of these tools, along with links to learning materials. If you are unfamiliar with the tools, these resources will help you get up to speed.
  • Rubrik Security Cloud
  • Wireshark
  • Ghidra
  • Zenmap
  • Burp Suite

Goals and Objectives

Teams will be dropped into a real-world ransomware scenario where they must:

✅ Prepare the environment by establishing proper application recovery plans.
✅ Detect & Analyze the attack using threat hunting and incident response tools.
✅ Contain, Eradicate & Recover with Rubrik’s Cyber Resiliency platform.
✅ Report post-incident findings to the board.

Who should attend?

Security Operations Center (SOC) Analysts & Threat Hunters, Incident Response (IR) & Cyber Recovery Teams, IT Infrastructure & Backup Administrators, CISOs & IT Security Leadership