Incident Response Challenge

CERT Australia will host another Incident Response (IR) Challenge at BSides Canberra in 2017!

The challenge is an offline IR memory and network challenge in which participants (either individuals or teams) download the given PCAPs and memory dumps collected from a simulated incident and try to piece together the narrative of what has occurred.

Unlike a traditional CTF, there are no set flags in a given format to find. The winning submission as judged by the CERT will be the one that most completely covers the following:

  • Explanation of the environment the incident took place in
  • Most complete summary of the incident from start to finish, including technical detail to back up each step/event
  • Recommendations or advice that could be provided to the affected fictitious organisation, both for remediation and for improving the overall security posture of their network

Winners will be announced at the awards ceremony on Saturday afternoon, along with all the bragging rights and kudos of being the best IRers at the Con (and maybe a prize or two provided by BSides).

Check back on this space for more details closer to the event.