LASCON 2017 has ended
View analytic
Thursday, October 26 • 8:30am - 5:00pm
Incident Response (IR) CTF

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
CSIRTS (Cyber Security Incident Response Team Simulation)

Participants can be either teams or individuals and will be able to use a limited number of laptops provided by us, OR bring their own which we encourage. There will be wired & wireless access to the environment. Upon logging into the environment, participants will act as “blue team” incident responders seeking to identify a network breach that is actively in progress. The range is a small, but realistic mock-up of an enterprise network complete with Active Directory, Exchange, firewalls, SIEM, workstations, etc. Participants will have access to a SIEM/log aggregation tool, and multiple security appliances to try and identify the malicious activities that are taking place on the network.

This is not an active defense challenge, as those often require a significant amount of time. This is simply an “identification” challenge, which is honestly the best starting place for most incident response training functions. The challenge is simple: can you find the hostile activities and identify key components of the threat?

There will be a scoreboard that will prompt the participant to answer Jeopardy-style questions to measure their progress through the challenge. A sample question might be, “What is the external IP address of the malicious activity detected by the perimeter firewall?” or “What protocol is the attacker using to exfiltrate data from within the network?” This will nudge the participant in the right direction for systematically tracing and identifying unauthorized activity on an enterprise network.

This CTF will be coordinated by Eric Capuano of DPS / Texas Homeland Security.

Thursday October 26, 2017 8:30am - 5:00pm
Expo Hall (Live Oak Room)

Attendees (4)