OpenSOC Blue Team CTF
Friday: 10:00 - 18:00
Saturday: 10:00 - 18:00
Sunday: 10:00 - 14:00
Blue Team Village, Scenic ballroom, Flamingo
https://opensoc.io/
Twitter: @recon_infosec
OpenSOC is a Digital Forensics, Incident Response (DFIR), and Threat Hunting CTF challenge meant to teach and test practical incident response skills in an environment that closely resembles a real enterprise network. Participants and teams will have access to our Network Defense Range and a set of open source security tools. They will have to answer challenge questions, via the scoreboard, about the attacks that are taking place in the range. Each correct answer gives them points in a race to see which team can accumulate the most points before time is up.
The Range:
This virtual environment is a scaled down version of what you would find in an enterprise network, including: workstations, servers, firewalls, email, web browsing, user activity, etc. Simulated users are browsing the Internet, downloading files, watching videos, and accessing LAN resources. This creates a high fidelity training environment for unleashing real-world attacks and testing a responder’s ability to filter out the noise and find malicious activity on the network.
This isn’t just another CTF about solving puzzles and riddles. We’ve built this platform to train real-world responders to handle real-world situations.
The Tools:
OpenSOC includes a complete set of digital forensics and incident response tools. All of the tools included in the OpenSOC platform are free and open source! Some of the free and/or open source projects that we love and use are:
- Sysmon (Windows and Linux!)
- Osquery
- OpenSearch with Logstash and Kibana
- Velociraptor
- Arkime (full packet capture)
- Suricata
- Honeypots/canarytokens
The Attacks:
Our scenarios are written by professional penetration testers and offensive security experts. Every simulated cyber attack is carefully crafted using 100% real-world observable attack methods. We even mimic and replicate observables (IPs, domains, etc.) that are actually connected to known threat actors, so that teams can leverage open source intelligence (OSINT) sources.
The Challenge:
- Given initial IOCs (indicators of compromise), identify attacks that are being carried out against and within the enterprise environment.
- Trace the attackers throughout the kill chain, submitting key IOCs and observables to the scoreboard as you reveal their tactics.
- Reverse engineer any artifacts connected to hostile activities.
- Perform forensic analysis on PCAPs (packet captures), memory images, etc.
- Work your way up the scoreboard, learn new skills, and get experience with some of the best open source tools for SecOps!
- The top 20 teams return for the finals on the last day of DEF CON to crown the 2023 OpenSOC champion.
This has been canceled by the contest organizers.