Overview

Five teams of up to five people will take the role of the incident response team at a fictitious company called “Commensurate Technology”. This event is hosted by QA, in partnership with RangeForce.

We are inviting security operations center (SOC) analysts and security incident response teams from medium to large enterprises, but other backgrounds can be accommodated too, such as penetration testers and network administrators, provided they understand that this is a cyber-security-focused exercise.

Activity

Together, participants will use leading security operations tools, including Splunk, Fortinet firewalls (FortiOS) and Sysmon, in a realistic, hands-on simulation environment to respond to a malicious threat actor.

They may also have to triage and respond to false positives generated by emulated users with poor security hygiene. To do this, they will need to work as a team, assign roles and maintain continuous communication.

The attack is to be treated as a live incident. As the scenario is investigated and analysed, additional intelligence on the adversary's tactics, techniques and procedures (TTPs) and further indicators of compromise (IOCs) may be released to participants, depending on their skill level and speed of progress.

The exercise will be facilitated by a team of RangeForce specialists and will last approximately 3 hours (a 15-minute orientation, approximately 150 minutes for the exercise and a 15-minute debrief). It will culminate in a cyber incident response team (CIRT) report, written by the participants, detailing their findings and their recommendations for preventing a recurrence. Participants will be expected to follow the exercise's Detect → Mitigate → Respond → Recover workflow, which is modelled on NIST incident response guidance.

Pre-exercise activity (Introductory Pathway)

To ensure all participants are familiar with the tools used in the exercise, a preparatory learning path on the RangeForce training platform will be made available two weeks in advance of the exercise.

All participants are recommended to complete this learning path before the day, particularly if they have not used the tools before, so that everyone can contribute to and benefit from the exercise.

• Learning Module 1: Conti Detection and Response
• Learning Module 2: Windows - Authentication and Remote Connections
• Learning Module 3: Email Header Analysis Basics
• Learning Module 4: Email URL Analysis Basics
• Learning Module 5: Windows - Email URL Analysis
• Learning Module 6: Firewall Policies: FortiOS
• Learning Module 7: Firewall URL Filtering: FortiOS
• Learning Module 8: Windows - Sysmon

Fill out the form below to reserve your place. Maximum capacity is 25 people, allocated on a first-come, first-served basis.