Presented at
BSidesDC 2019,
Oct. 25, 2019, 1 p.m.
(480 minutes)
OpenSOC is a DFIR challenge meant to teach practical incident response skills in an environment that very closely resembles a real enterprise network. This virtual environment is a scaled down version of what you would find in an enterprise network, including: workstations, servers, firewalls, email, web browsing, user activity, etc. Simulated users are browsing the Internet, downloading files, watching videos, and accessing LAN resources. This creates a high fidelity training environment for unleashing real-world attacks and testing a responders ability to filter out the noise and find malicious activity on the network.
This isn’t just another CTF. We’ve built this platform to train real-world responders to handle real-world situations.
What’s even better? 100% of the security tools demonstrated on OpenSOC are FREE and OPEN SOURCE! These projects include Wazuh + ossec, Kolide + osquery, Suricata, Snort, Moloch, OPNsense, pfSense and Graylog bringing it all together in an awesome way.
The Challenge:
1) Given an initial IOCs (indicator of compromise (or pivot point)), identify attacks that are being carried out against and within the enterprise environment.
2) Trace the attackers throughout the kill chain, submitting key IOCs and observables to the scoreboard as you reveal their tactics.
3) Reverse engineer any artifacts connected to hostile activities.
4) Perform forensics analysis on PCAPs (Packet Captures), memory images, etc.
5) Win awesome prizes, learn new skills, and get experience with some of the best OPEN SOURCE tools for SecOps!
Links:
Similar Presentations: