• Are You New to the Field?
    OpenSOC is an Opportunity to Experience Security Operations.

    OpenSOC is a Digital Forensics, Incident Response (DFIR), and Threat Hunting challenge that uniquely highlights practical incident response skills in an environment that's as close to "the real thing" as it gets. Scenarios and challenges get more difficult as you progress. The first few only require solid information security fundamentals and a bit of persistence. Give it a try; you just might end-up with a new career.

  • Are you an Expert? OpenSOC is an Opportunity to Compete with the Best.

    OpenSOC challenges security professionals’ practical incident response skills with high-fidelity attacks in a live enterprise network. It is a chance for individuals to compete on the basis of practical skills. For the best of the best, there are few things more fun than that.

  • Are you a Practitioner? OpenSOC is an Opportunity to Build Experience.

    Just like in the real world, malicious activity does not magically present itself in red text in your firewall logs. Analysts must learn to think critically and make correlations on the fly. These are skills that can only be developed through experience. OpenSOC is a risk-free way to gain some of that experience.

More About Us

OpenSOC Network Defense Range.

OpenSOC is a free blue team defensive competition that is as close to "the real thing" as it gets. We run it at a series of infosec community events throughout the year to give back to the infosec community, promote the open source projects that we love, and support infosec events like DEFCON and BSides. This isn’t just another CTF. We’ve built this platform to train real-world responders to handle real-world situations. Our environment is a fully functional replication of an enterprise environment, complete with all the trimmings - Active Directory, Exchange, distributed networks, various sensors, log aggregation, end-user simulation, and more.

OpenSOC showcases over a dozen open source projects, including those below.

The Value of OpenSOC.

OpenSOC provides the opportunity to build and test practical incident response skills in an environment that very closely resembles a real enterprise network. The virtual environment is a scaled down version of almost everything you would find in an enterprise network including workstations, servers, firewalls, email, web browsing, user activity, etc. Simulated users are actually browsing the Internet, downloading files, watching videos, and accessing LAN resources. This creates a high fidelity training environment for unleashing real-world attacks and testing a responder’s ability to filter out the noise and find malicious activity on the network.

The Challenge:

  1. Find the hostile activities
  2. Identify key components of the threats on the network
  3. Submit Indicators of Compromise to the scoreboard for points

Confront the Tactics of Advanced Adversaries.

Our scenarios are written by professional penetration testers and offensive security experts. Every simulated cyber attack is carefully crafted using 100% real-world observable attack methods. We even mimic and replicate observables (IPs, domains, etc) that are actually connected to known threat actors to enable teams to leverage open source intelligence (OSINT) sources. The tools and training provided enables responders to leverage advanced digital forensics and incident response skills to identify tactics leveraged by real world adversaries.

Practice For Worst Case Scenarios.

Participants play the role of a SOC analyst and will have access to an array of security systems designed to monitor host and network activity. Analysts will have to determine what is considered “normal” on the network in order to identify the active threat present in the environment. Contrary to “capture the flag” type challenges or tabletop scenarios, an OpenSOC participant will walk away with real world applicable skills that can be applied immediately in an enterprise SOC.

Validate Your Procedures and Skills.

A major cyber incident is not the time to validate your checklists or the skillsets of your team. Leverage OpenSOC to spot gaps in your procedures or training deficiencies. Participants at any experience level can extend their practical process experience and long-term critical thinking.

Gain Exposure to Free Cutting Edge Solutions

Best part of all, a key motivation behind OpenSOC is the demonstration of how powerful open-source tools can be for Security Operations. Every single security system utilized in the virtual enterprise within OpenSOC is an open-source platform. That’s right, everything. Firewalls, SIEM, log aggregation, IDS/IPS, HIDS, anti-virus, honeypots, mail filtering, etc. A major takeaway from participating in OpenSOC is hands-on experience with security tools that are not only free, but oftentimes equivalent (and sometimes superior) to their commercial counterparts. You will be able to return to your workcenter and begin implementing solutions immediately!

Who We Are.

The OpenSOC Team is made up of folks from Recon Infosec and community volunteers. For Recon, OpenSOC is a chance to give back. For the community volunteers it is a labor of love. This team runs a series of OpenSOC events throughout the year. Each event requires 100s of hours of designing & testing scenarios, writing questions, loading scoreboards, administering the systems registering & onboarding players, and providing guidance during events. Recon Infosec donates the use of their Network Defense Range to support these events.

Network Defense Range

Recon’s Network Defense Range (NDR) is a “flight simulator for security operations teams”. It is hands-down the best way to train security operations, incident response, and threat hunting teams. NDR was built to deliver hands-on, live-fire scenario-based, experiential learning to some of the best corporate, government, and military security operations teams from around the world. These engagements incorporate live instruction, guided learning, and after action reviews to make incident response teams better.

Network Defense Range training is available to all sizes and types of organizations through Black Hat, Live Online events, dedicated engagements, and year-round training plans. For more information, check our our training page: www.reconinfosec.com/training


OpenSOC is a free blue team defense competition run by the OpenSOC team and supported by Recon Infosec at a series of infosec community events throughout the year.

The goal of the OpenSOC team is to help build the security operations community: to give people new to security operations a chance to try it out, to give current practitioners additional experience, and to give experts the opportunity to compete.

Recon InfoSec

Recon Infosec is an enterprise security company based in Austin, Texas. Recon is committed to assisting organizations of all sizes improve their enterprise security. For small and medium size businesses, Recon provides outsourced cybersecurity partnerships as well as monitoring, detection and response services. For large organizations, Recon offers security operations, incident response, and threat hunting training through the Network Defense Range.

Recon donates the use of their Network Defense Range to the OpenSOC team to give back to the infosec community, promote the open source projects that we love and rely on, and support local information security events.

For more information, check out our website at www.reconinfosec.com.

Come See Us At A Public Event.

Stay tuned here, in Discord, and on Twitter for the latest information on up-coming events.

  • "This is a fantastic training tool. I would love to have something like this to help train analysts in my own shop, as the tools that are used are those that we implement as well. I put the difficulty at 6, I feel it was a good level for most analysts. I think it would have been cool to have some higher difficulty bonus questions for the seasoned pros though."

    Jeff R.
  • "Great game, I came in with little direct experience but was able to do well. I enjoyed the game and learned a lot as well. Highly recommended! Please do more of these. Also your staff was excellent!"

    Jon B.
  • "The scenarios were relevant to my work environment. We run phishing tests against our employee base to see where our training might not be effective, but how do we train our Blue Team to find phishing before users click on it? A lab environment with OpenSOC makes it possible to do What If scenarios."

    David H.
  • "2 time OpenSOC player. Hands down the best CTF I've ever done. The range is an engineering feat and keeps getting better, faster, more stable each time. The scenarios are super realistic and staff are super responsive and kind. Only blue team CTF of its kind that I know of."

Get In Touch With Us.

The OpenSOC team loves hosting events, but each one takes considerable effort from our volunteer team. Because of demand, we generally manage the team calendar 12 to 18 months in advance. If you are an organizer for a security conference or event, we would be happy to connect with you to discuss the possibility of bringing OpenSOC to your event. Please contact us at info@reconinfosec.com

If you are interested in Recon Network Defense Range training, visit us at www.reconinfosec.com/training, or let us know below.

For more information, contact us at www.reconinfosec.com/contact.




11824 Jollyville Road
Ste. 404
Austin, TX
78759 US


(800) 618-7080