Maskirovka Winter - A Counter Intelligence (CI) Simulation

“A threat consists of capabilities multiplied by intentions; if either one is zero, you have a zero sum game”

Welcome to the Maskirvoka Winter, a high stakes global threat hunt and that will test participant’s aptitude using varied technical intelligence and analytical tradecraft against simulated targets in a series of stages. This counter-intelligence (CI) simulation will consist of a hands-on workshop that will introduce participants into the world of intelligence analysis, critical thinking and reasoning, producing hypothesis and applying proportioned analytical methods that will help teams reveal the events surrounding Maskirovka Winter. Participants will be given a casefile that will include virtual machine with tools, intel reports, keys and analyst guidelines to use in the workshop and to help during the challenge.

The Workshop will be held on Friday 17th March at 10.30am in the Workshop & Competition room and will cover the following topics;

  • Introduction into the intelligence cycle and SARA model
  • Types of intelligence collection and analysis
  • Using the Diamond model
  • Validating assumptions and verifying quality of information
  • Critical thinking and measuring hypothesis
  • Advanced analytical methods

    • signature and pattern analysis
    • statistical and time based analysis
    • exploring alternative futures
    • force field study
    • social networks, hot spotting and link analysis
    • what-if and high impact/low probability analysis

Information for Participants

  • Suitable for all persons [challenges may involve some level of technical forensics, cryptanalysis]
  • Participant registration will occur on the day at BSides Canberra
  • Participants must have a suitable laptop and with VMware Player support.

Event Suggested Tools

Key Challenge

The team who successfully completes all 5 stages or has the most points wins.

Hosted By:

Dan Kennedy

Dan is a senior consultant over at Context information security where he performs advisory, technical assurance and evaluation. In his spare time he is usually squatting on slack, changing nappies or training bjj. Dan is also an associate member of the Australian Institute of Professional Intelligence officers AIPIO and studies at CSU AGSPS.

Supported By:

Context IS