OpenSOC is a Digital Forensics, Incident Response (DFIR), and Threat Hunting challenge meant to teach and test practical incident response skills in an environment that closely resembles a real enterprise network. This virtual environment is a scaled down version of what you would find in an enterprise network, including: workstations, servers, firewalls, email, web browsing, user activity, etc. Simulated users are browsing the Internet, downloading files, watching videos, and accessing LAN resources. This creates a high fidelity training environment for unleashing real-world attacks and testing a responder’s ability to filter out the noise and find malicious activity on the network.

This isn’t just another CTF. We’ve built this platform to train real-world responders to handle real-world situations.

What’s even better? 100% of the security tools demonstrated on OpenSOC are FREE and OPEN SOURCE! These projects include ELK, Arkime, osquesry, Suricata, pfsense, Snort, and Thinkst Canary, bringing it all together in an awesome way.

The Challenge:

• Given an initial IOC’s (indicator of compromise (or pivot point)), identify attacks that are being carried out against and within the enterprise environment.
• Trace the attackers throughout the kill chain, submitting key IOCs and observables to the scoreboard as you reveal their tactics.
• Reverse engineer any artifacts connected to hostile activities.
• Perform forensics analysis on PCAPs (Packet Captures), memory images, etc.
• Win awesome prizes, learn new skills, and get experience with some of the best OPEN SOURCE tools for SecOps!