OpenSOC is a Digital Forensics, Incident Response (DFIR), and Threat Hunting challenge meant to teach and test practical incident response skills in an environment that closely resembles a real enterprise network. This virtual environment is a scaled-down version of what you would find in an enterprise network, including workstations, servers, firewalls, email, web browsing, user activity, etc. Simulated users are browsing the Internet, downloading files, watching videos, and accessing LAN resources. This creates a high-fidelity training environment for unleashing real-world attacks and testing a responder’s ability to filter out the noise and find malicious activity on the network.
This isn’t just another CTF. We’ve built this platform to train real-world responders to handle real-world situations. What’s even better? 100% of the security tools demonstrated on OpenSOC are FREE and OPEN SOURCE! These projects include Wazuh + OSSEC, Kolide + osquery, Suricata, Snort, Moloch, OPNsense, pfSense, and Graylog, which brings it all together in an awesome way.
The Challenge:
- Given an initial IOC (indicator of compromise) or pivot point, identify attacks that are being carried out against and within the enterprise environment.
- Trace the attackers throughout the kill chain, submitting key IOCs and observables to the scoreboard as you reveal their tactics.
- Reverse engineer any artifacts connected to hostile activities.
- Perform forensic analysis on PCAPs (packet captures), memory images, etc.
- Win awesome prizes, learn new skills, and get experience with some of the best OPEN SOURCE tools for SecOps!