OpenSOC is a free blue team defensive competition that is as close to "the real thing" as it gets. We run it at a series of infosec community events throughout the year to give back to the infosec community, promote the open source projects that we love, and support infosec events like DEFCON and BSides. This isn’t just another CTF. We’ve built this platform to train real-world responders to handle real-world situations. Our environment is a fully functional replication of an enterprise environment, complete with all the trimmings - Active Directory, Exchange, distributed networks, various sensors, log aggregation, end-user simulation, and more.
OpenSOC showcases over a dozen open source projects, including those below.
OpenSOC provides the opportunity to build and test practical incident response skills in an environment that very closely resembles a real enterprise network. The virtual environment is a scaled down version of almost everything you would find in an enterprise network including workstations, servers, firewalls, email, web browsing, user activity, etc. Simulated users are actually browsing the Internet, downloading files, watching videos, and accessing LAN resources. This creates a high fidelity training environment for unleashing real-world attacks and testing a responder’s ability to filter out the noise and find malicious activity on the network.
Our scenarios are written by professional penetration testers and offensive security experts. Every simulated cyber attack is carefully crafted using 100% real-world observable attack methods. We even mimic and replicate observables (IPs, domains, etc) that are actually connected to known threat actors to enable teams to leverage open source intelligence (OSINT) sources. The tools and training provided enables responders to leverage advanced digital forensics and incident response skills to identify tactics leveraged by real world adversaries.
Participants play the role of a SOC analyst and will have access to an array of security systems designed to monitor host and network activity. Analysts will have to determine what is considered “normal” on the network in order to identify the active threat present in the environment. Contrary to “capture the flag” type challenges or tabletop scenarios, an OpenSOC participant will walk away with real world applicable skills that can be applied immediately in an enterprise SOC.
A major cyber incident is not the time to validate your checklists or the skillsets of your team. Leverage OpenSOC to spot gaps in your procedures or training deficiencies. Participants at any experience level can extend their practical process experience and long-term critical thinking.
Best part of all, a key motivation behind OpenSOC is the demonstration of how powerful open-source tools can be for Security Operations. Every single security system utilized in the virtual enterprise within OpenSOC is an open-source platform. That’s right, everything. Firewalls, SIEM, log aggregation, IDS/IPS, HIDS, anti-virus, honeypots, mail filtering, etc. A major takeaway from participating in OpenSOC is hands-on experience with security tools that are not only free, but oftentimes equivalent (and sometimes superior) to their commercial counterparts. You will be able to return to your workcenter and begin implementing solutions immediately!
The OpenSOC Team is made up of folks from Recon Infosec and community volunteers. For Recon, OpenSOC is a chance to give back. For the community volunteers it is a labor of love. This team runs a series of OpenSOC events throughout the year. Each event requires 100s of hours of designing & testing scenarios, writing questions, loading scoreboards, administering the systems registering & onboarding players, and providing guidance during events. Recon Infosec donates the use of their Network Defense Range to support these events.
Recon’s Network Defense Range (NDR) is a “flight simulator for security operations teams”. It is hands-down the best way to train security operations, incident response, and threat hunting teams. NDR was built to deliver hands-on, live-fire scenario-based, experiential learning to some of the best corporate, government, and military security operations teams from around the world. These engagements incorporate live instruction, guided learning, and after action reviews to make incident response teams better.
Network Defense Range training is available to all sizes and types of organizations through Black Hat, Live Online events, dedicated engagements, and year-round training plans. For more information, check our our training page: www.reconinfosec.com/training
OpenSOC is a free blue team defense competition run by the OpenSOC team and supported by Recon Infosec at a series of infosec community events throughout the year.
The goal of the OpenSOC team is to help build the security operations community: to give people new to security operations a chance to try it out, to give current practitioners additional experience, and to give experts the opportunity to compete.
Recon Infosec is an enterprise security company based in Austin, Texas. Recon is committed to assisting organizations of all sizes improve their enterprise security. For small and medium size businesses, Recon provides outsourced cybersecurity partnerships as well as monitoring, detection and response services. For large organizations, Recon offers security operations, incident response, and threat hunting training through the Network Defense Range.
Recon donates the use of their Network Defense Range to the OpenSOC team to give back to the infosec community, promote the open source projects that we love and rely on, and support local information security events.
For more information, check out our website at www.reconinfosec.com.
"This is a fantastic training tool. I would love to have something like this to help train analysts in my own shop, as the tools that are used are those that we implement as well. I put the difficulty at 6, I feel it was a good level for most analysts. I think it would have been cool to have some higher difficulty bonus questions for the seasoned pros though."
"Great game, I came in with little direct experience but was able to do well. I enjoyed the game and learned a lot as well. Highly recommended! Please do more of these. Also your staff was excellent!"
"The scenarios were relevant to my work environment. We run phishing tests against our employee base to see where our training might not be effective, but how do we train our Blue Team to find phishing before users click on it? A lab environment with OpenSOC makes it possible to do What If scenarios."
"2 time OpenSOC player. Hands down the best CTF I've ever done. The range is an engineering feat and keeps getting better, faster, more stable each time. The scenarios are super realistic and staff are super responsive and kind. Only blue team CTF of its kind that I know of."
The OpenSOC team loves hosting events, but each one takes considerable effort from our volunteer team. Because of demand, we generally manage the team calendar 12 to 18 months in advance. If you are an organizer for a security conference or event, we would be happy to connect with you to discuss the possibility of bringing OpenSOC to your event. Please contact us at firstname.lastname@example.org
If you are interested in Recon Network Defense Range training, visit us at www.reconinfosec.com/training, or let us know below.