OpenSOC is a blue team defense simulation that is as close to "the real thing" as it gets. This isn’t just another CTF. We’ve built this platform to train real-world responders to handle real-world situations. Our environment is a highly portable, fully functional replication of an enterprise environment, complete with all the trimmings - Active Directory, Exchange, distributed networks, various sensors, log aggregation, end-user simulation, and more.
OpenSOC is comprised of over a dozen open source projects, including the below.
OpenSOC is a challenge meant to teach infosec professionals practical incident response skills in an environment that very closely resembles a real enterprise network. The virtual environment is a scaled down version of almost everything you would find in an enterprise network including workstations, servers, firewalls, email, web browsing, user activity, etc. Simulated users are actually browsing the Internet, downloading files, watching videos, and accessing LAN resources. This creates a high fidelity training environment for unleashing real-world attacks and testing a responder’s ability to filter out the noise and find malicious activity on the network.
Our scenarios are written by professional penetration testers and offensive security experts. Every simulated cyber attack is carefully crafted using 100% real-world observable attack methods. We even mimic and replicate observables (IPs, domains, etc.) that are actually connected to known threat actors, enabling teams to leverage open source intelligence (OSINT) sources. The tools and training provided enable responders to apply advanced digital forensics and incident response skills to identify the tactics used by real-world adversaries.
Participants play the role of a SOC analyst and have access to an array of security systems designed to monitor host and network activity. Analysts must determine what is considered “normal” on the network in order to identify the active threat present in the environment. Just like in the real world, malicious activity does not magically present itself in red text in your firewall logs. Analysts must learn to think critically and make correlations on the fly. OpenSOC aims to teach and assess these very concepts. Unlike most “capture the flag” type challenges or tabletop scenarios, an OpenSOC participant will walk away with real-world skills that can be applied immediately in an enterprise SOC.
A major cyber incident is not the time to validate your checklists or the skill sets of your team. Leverage our simulated environment to spot gaps in your procedures or training deficiencies. Every engagement we offer is accompanied by over-the-shoulder training from our seasoned incident response trainers. We are able to coach participants at any experience level through the exercise in a way that builds confidence as well as inspires long-term critical thinking.
Best of all, a key motivation behind OpenSOC is demonstrating how powerful open-source tools can be for security operations. Every single security system utilized in the virtual enterprise within OpenSOC is an open-source platform. That’s right, everything: firewalls, SIEM, log aggregation, IDS/IPS, HIDS, anti-virus, honeypots, mail filtering, etc. A major takeaway from participating in OpenSOC is hands-on experience with security tools that are not only free, but oftentimes equivalent (and sometimes superior) to their commercial counterparts. You will be able to return to your work center and begin implementing solutions immediately!
We are a group of individuals with 3 things in common: a passion for security, sharing knowledge, and learning.
Our core team is comprised of several industry experts, including web application testers, network architects, network security engineers, network and host intrusion specialists, penetration testers, and programmers.
A majority of our team members are currently performing or have previously performed cybersecurity work for the US Department of Defense as well as city, state and federal government entities.
This industry is riddled with complex, high-cost solutions that sometimes yield little or no real benefit. This often discourages small business owners from taking the necessary steps to protect their information systems. Our primary motivator is the belief that cybersecurity should not be out of reach for small and medium businesses.
We defend, assess, and advise enterprises towards an optimal information security posture in an ever-changing threat environment.
Are you an organizer for a security conference or event? If so, we would be happy to bring OpenSOC to your event! Please contact firstname.lastname@example.org.
"This is a fantastic training tool. I would love to have something like this to help train analysts in my own shop, as the tools that are used are those that we implement as well. I put the difficulty at 6, I feel it was a good level for most analysts. I think it would have been cool to have some higher difficulty bonus questions for the seasoned pros though."
"Great game, I came in with little direct experience but was able to do well. I enjoyed the game and learned a lot as well. Highly recommended! Please do more of these. Also your staff was excellent!"
"The scenarios were relevant to my work environment. We run phishing tests against our employee base to see where our training might not be effective, but how do we train our Blue Team to find phishing before users click on it? A lab environment with OpenSOC makes it possible to do What If scenarios."
"You have a great team and an excellent setup/simulation, plus informative and interesting talks. [...] I gained a lot of value from the training, very well worth my time/effort/$$$."