UNCLASSIFIED
TRAINING USE ONLY · v1.0.4
Operation Iron Veil
Cyber Protection Team 169
0 / 25 Tier 1
YOUR ENTRY POINT
SSH: ssh YOUR_CALLSIGN@range-host -p 22 Password: your registered password
OPERATION TRACKER
SKILL BADGES
0/12
OPERATION IRON VEIL
OPERATION IRON VEIL · CYBER PROTECTION TEAM 169 · MDARNG
125
FLAGS
5
TIERS
17
NODES
8
NETWORKS
RESOURCES
📖 WOBC Notes 💻 169CPT CCTC 🏠 CPT 169
17C AIT · 170A WOBC · 17A RECLASS · CCT PIPELINE
TRAINING USE ONLY · v1.0.4
UNCLASSIFIED
COMPETENCY BREAKDOWN
UNCLASSIFIED
CPT 169
OPERATION IRON VEIL
CYBER PROTECTION TEAM 169
ACCESS RESTRICTED
MISSION ELEMENT LEAD ACCESS

ME Lead — authenticate to take operational oversight of your operators. The instructor dashboard surfaces per-operator tier progression, support requests, and intervention controls (flag override, password reset, manual unlocks).

Use this view to monitor operator health, unblock students stalled mid-tier, and coordinate ME tempo across the operation.

RANK
NAME
MISSION ELEMENT
ACCESS CODE
UNIT LEADERSHIP ACCESS

Unit leadership — authenticate to access the commander dashboard. Surfaces ME health at a glance: operator counts per tier, mission completion velocity, support volume, and operation-wide tempo against ENDEX.

Read-mostly view. Use it for operational reporting and to identify Mission Elements that may need additional support.

RANK
NAME
ROLE
ACCESS CODE
MISSION BRIEFING

Operation Iron Veil — Threat group DARKWAVE-37 has established a multi-segment staging network as a launch platform for follow-on operations against critical infrastructure. CPT 169 has been tasked with penetrating the network, mapping their footprint segment-by-segment, and capturing intelligence flags at each stage to deny them their staging ground.

You are an operator assigned to a Mission Element. Provision your account below; you will receive credentials for the range entry point and a verification flag for first contact. Phase progression is enforced — Tier 1 (Recon) through Tier 5 (Maneuver), 25 flags per tier.

Tradecraft escalates by tier. Hint posture moves from generous (Tier 1) to minimal (Tiers 4–5). By the time you reach Bravo segment, you operate blind.

RANK / TITLE
LAST NAME
MISSION ELEMENT
CALLSIGN
This is your terminal username and how you appear on the leaderboard.
OPERATOR RETURNING — GATE PENDING

Your operator account is provisioned but you have not yet cleared the gate. Reconnect to the range entry point, retrieve the verification flag from welcome_flag.txt, and submit it below to enter the operations console.

CALLSIGN: --
OPERATOR: --
SSH CMD: --

Run cat welcome_flag.txt after connecting, then paste the flag below.

ENTRY VERIFICATION FLAG
OPERATOR PROVISIONED

Your operator account is active. Establish initial foothold on the range entry point:

ssh YOUR_CALLSIGN@range-host
Password: ---
Save this password — it will not be shown again.
Ensure SSH is enabled on your machine. Need help?
Windows: Open PowerShell or Command Prompt. SSH is built-in on Windows 10+.
macOS/Linux: Open Terminal. SSH is pre-installed.
If SSH is not working: Windows — Settings → Apps → Optional Features → Add OpenSSH Client.
Port blocked? If your network blocks non-standard ports, try without -p (uses default port 22).

Once on the entry point, run ls and cat welcome_flag.txt for your full mission brief — adversary profile, tier arc, ROE, and your entry verification flag.

Paste the entry flag below to clear the gate and unlock the operations console. Reference: mission (next objective), mission-brief (operation overview).

ENTRY VERIFICATION FLAG
OPERATOR RE-ENTRY

Returning operator — identify yourself to resume mission progress. Your tier state and captured flags are preserved server-side; SSH credentials remain unchanged from your original provisioning.

If you need to re-verify the entry flag, run cat welcome_flag.txt after SSH connect.

RANK / TITLE
LAST NAME
MISSION ELEMENT
TRAINING USE ONLY · v1.0.4
OPERATION IRON VEIL
CYBER PROTECTION TEAM 169
Enter your identification to begin.
This will be logged with all flag submissions and support requests.
INFO Platform Update
SUBMIT FEEDBACK ×
HELP & REFERENCE ×
GETTING STARTED
1. Connect via telnet: telnet <host> 2323
2. Login: YOUR_CALLSIGN / your-password
3. Switch to SSH: ssh YOUR_CALLSIGN@<host> -p 22
4. Read the tunnel reference: cat /opt/iron_veil/tools/tunnel_ref.txt
SSH TUNNEL QUICK REFERENCE
# Local forward
ssh YOUR_CALLSIGN@host -p 22 -L local:target:port -NT

# SOCKS proxy
ssh YOUR_CALLSIGN@host -p 22 -D 1080 -NT
proxychains4 curl http://internal:port

# Reverse tunnel
ssh YOUR_CALLSIGN@host -p 22 -R port:localhost:port -NT

# ProxyJump
ssh -J admin@hop1 admin@target
COMMON ISSUES
Flag rejected? Flags are case-sensitive. Copy exactly as shown including IV{ and }.
Cannot reach a host? You need to build an SSH tunnel first. Check your routing.
Connection refused? Ports are non-standard. Scan the target with nmap first.
Tunnel not working? Ensure -N (no command) and -T (no terminal) flags are set.
SOCKS proxy failing? Verify proxychains4 config points to 127.0.0.1:1080.
Platform issue? Use the Feedback button to report bugs.
RANGE RULES
• Attempt each flag independently before using hints
• Document your tunnel chains as you build them
• Report broken containers or wrong flags via Feedback
• All attempts are logged for after-action review
• Do not share flag values with other students
🔐 FULL OPERATOR SHELL UNLOCKED
You have cleared the gate. One step before you continue: the SSH session you are in right now was opened before gate clearance, so it is still running the restricted pre-gate shell with a limited command set.
Reconnect to unlock your full toolkit:
# 1. Close your current session
exit

# 2. SSH back into the range (same command as before)
ssh YOUR_CALLSIGN@<host>
Your new session will have the full operator shell — ip, nmap, ssh, tunneling tools, and the rest of the kit. This only happens once, at the gate.
REQUEST SUPPORT ×
—
Your Mission Element Lead will be notified. The category + your last-active challenge auto-attach to the ticket so triage is fast.
CHANGE PASSWORD ×
Updates your range account password. After submission, the Ghost provisioner re-applies it to your Linux account within ~10 seconds. Your existing SSH session stays valid; new connections use the new password.