
Threat Hunting with Vectra during CTF in Zurich and Geneva

Written by Swiss Post Cybersecurity | Jul 1, 2026 11:37:38 AM

The Vectra Threat Hunter CTF was designed as an intermediate/advanced hands-on workshop for security professionals interested in practical investigation, threat hunting and detection-driven analysis. Offered free of charge as part of the Swiss Post Cybersecurity Hack Events, the CTF gave participants the opportunity to sharpen their skills through realistic defender scenarios inspired by real-world attack techniques.

Capture the Flag Challenge

The format was a Jeopardy-style Capture the Flag with more than 20 challenges to be solved in approximately 90 minutes. Participants had to investigate independently, build hypotheses, pivot through the available data and validate their findings based on technical evidence.

The challenges focused on practical threat hunting and investigation workflows, with a strong emphasis on:

  • Network Metadata
  • Event Search, and
  • Advanced Investigation.


Security engineers sharpened their investigation skills

This was not a beginner workshop and not a guided training.

Participants were expected to work like real security analysts: conducting research where needed, correlating signals, following attacker behavior, and understanding the context behind each flag.

The content covered realistic defender scenarios across Network Metadata and detection-driven investigation. Key focus areas included DNS, HTTP, SSL/TLS, SMB, Kerberos, LDAP, RDP, and RPC, as well as techniques such as exfiltration, command and control, credential access, lateral movement, and defense evasion.

This workshop is well-suited for an audience with a solid security background who want to deepen their practical investigation and threat hunting skills in a competitive format.

Swiss SOC powered by partnership with Vectra 

Swiss Post Cybersecurity has a long-standing partnership with Vectra, using the Vectra platform as a significant part of the Cyber Defence Center. This enables the Swiss SOC engineers to provide reliable solutions to organizations and government institutions.

Leandro Kalt, Security Engineer, Vectra:
"Participating in and co-organizing the Vectra Threat Hunter CTF together with Swiss Post Cybersecurity was a great experience. A CTF is a very effective way to bring technology, investigation methodology and real-world attacker behaviors together in a hands-on format.
The participants had to think like analysts, build hypotheses, follow the evidence and use the Vectra AI Platform to understand what was happening in the environment. The energy in Zurich and Geneva was excellent, and the feedback confirmed that this format is a strong way to demonstrate the value of threat hunting and detection-driven investigation."

Deniz Mutlu, Director Strategic Partners, Swiss Post Cybersecurity:
"Since the first editions of our Hack Events, I have always loved organizing CTFs because they create a very special energy: deep concentration, curiosity, competition and a strong sense of community. For me, this is one of the best ways to learn.
Sharing is caring, but learning by doing is definitely the most powerful way to discover, understand and promote the technologies of the strategic partners we trust. With Vectra, we were able to build a realistic threat hunting experience that allowed participants to investigate real-world scenarios and see the value of the platform in action."

Behind the scenes: a joint effort between Vectra and Swiss Post Cybersecurity

Organizing a Capture the Flag experience is always a challenge, and each edition of the Hack Events is an opportunity to bring something new to the community. After previous editions featuring Splunk Boss of the SOC and Microsoft Into the Breach, Swiss Post Cybersecurity worked closely with Vectra to create a dedicated Threat Hunting CTF tailored for the Hack Events in Zurich and Geneva.

Over several weeks of preparation, Deniz Mutlu, Director Strategic Partners at Swiss Post Cybersecurity and Microsoft Security MVP, worked together with Leandro Kalt, Rudi Jäger and the Vectra engineering team to shape realistic investigation scenarios and create a hands-on experience around the Vectra AI Platform.

On site, Deniz Mutlu and Leandro Kalt acted as Game Masters, supported by Michael Liechti, Pre-Sales Consultant at Swiss Post Cybersecurity, to guide participants and ensure the best possible experience. The atmosphere was also part of the concept: minimal trance music, lighting, food and drinks helped create the right conditions for a focused, competitive and engaging evening.

Even the trophies were part of the story: they were 3D-printed by Swiss Post Cybersecurity, with laser-engraved labels also prepared and assembled by the company itself. A true team effort from preparation to podium.

Do you want to participate in our next CTF?

Sign up for our newsletter, in which we share information about upcoming events, webinars and cybersecurity trends.