AdelaideSEC2024 - Incident Response Competition

Overview

Retrospect Labs are partnering with AISA - AdelaideSEC2024 to provide a competition style incident response exercise for cyber security professionals, enthusiasts, students, as well as those interested in the field, who are attending AdelaideSEC2024. The competition is an exciting and fun way for you to use both your technical and non-technical skills to work through a realistic cyber incident - in a self-paced way - over 10 days. You can register a team of up to five people to work through the fictious incident, completing tasks along the way. At the conclusion of the event, all of your submissions will be evaluated by a panel of judges, with the teams who place in the top three being announced as part of the AdelaideSEC2024 conference.

What’s involved

For ten days, starting on Friday 2nd August 2024, participants will work their way through a scenario that simulates a real-world cyber incident, impacting a fictitious organisation. The scenario is designed to test your incident response skills, and so it includes several aspects common to incident response. For example, the exercise will include forensic artefacts that participants can analyse to identify various Indicators of Compromise (IoCs), as well as understand what malicious activities have occurred and how the adversary undertook those activities (their Tactics, Techniques, and Procedure’s used). Participants will also be required to perform tasks that relate to managing the media, providing communications to senior leadership, and providing legal and privacy considerations in response to the incident. If you have an interest or skillset in these areas, you would be a beneficial addition to your team.

Throughout the exercise, teams will submit certain tasks common to incident response activities. These tasks will be reviewed by the judging panel, who will evaluate the performance of each team during the event and based on the tasks they complete.

Prizes

There are some amazing prizes up for grabs for those who place in this event! A huge thank you to those who supported this event and generously donated prizes.

1st Place

In-Person SANS Course (Adelaide SANS Course only) for each team member

2nd Place

Tickets to AdelaideSEC 2025 for all team members

3rd Place

Goodies and merch from Retrospect Labs

When is it running?

Competition official opening - Friday 2nd August 2024 at 9am (ACST)

Competition official close - Monday 12th August 2024 at 9am (ACST) prior to the kick off of AdelaideSEC2024

Closing Ceremony - Winners will be announced as part of AdelaideSEC 2024.

Who's this for?

Anyone who will be attending AdelaideSEC2024. You may be working in cyber, studying a related degree, or if you are just interested in learning more about incident response and have some basic cyber skills or knowledge, we encourage you to register a team and to give it a go.

It would be beneficial to have some SOC/Incident Response skills (some familiarity with common incident response tools or incident response frameworks). However, you do not need to have these technical skills to participate in a team.

We don’t expect you to know everything about incident response, but we want you to want to learn along the way, find out what you do enjoy about IR, and get excited about it.

Registration

For the competition, you can register a team of up to 5 members. As this event will be run virtually, leveraging Retrospect Labs cyber security exercise platform, Gauntlet, there is no need for your team members to be in the same location. Therefore, if you have some old friends or colleagues who you want to team up with, feel free to reconnect by teaming up on this exciting competition.

Note: This event is only open to those attending AdelaideSEC 2024.

You will find more details on how to make your donation within the registration form.

Once you have registered you team and we have got everything finalised, your team will receive an email with some further information and instructions. Closer to the competition start date, you will be invited to a Slack channel, which will contain a space for you to communicate with your team, and to receive any communications from the competition organisers during the event.

Please note that places are strictly limited to 25 teams for this event, and that these competitions typically fill up quite fast. If you’re not successful gaining a place this time round, be sure to keep an eye on Retrospect Labs socials, as we love running these types of competitions year-round.

We will have a wait list available, should any team withdraw their participation, we will reach out.

Registrations open – Wednesday 17th July 2024 at 10am (ACST)

Registrations close – Sunday 28th July 2024 at midnight (ACST) – if places are not fully allocated prior.

Your team will also be given access to Retrospect Labs cyber security exercise platform, Gauntlet. Gauntlet will be used for distributing the scenario (known as injects), forensic artefacts, and is where you will submit your tasks.

Response Lab

Throughout the competition, you will be able to leverage one of Gauntlet’s newest capabilities which we call, Response Lab. Response Lab is a cloud-based forensic environment, which you will be able to access directly from within Gauntlet as you work through the incident. This environment will be primed with all the tools you require to analyse the technical artefacts involved throughout the competition, and will be simply accessible from your internet browser. That means you don’t need to set up your own virtual machines or forensic labs this year. Unless you would like to use your own of course.

What else do I need to know?

Participants will be able to control the pace of the exercise and will have the flexibility to compete outside of work hours. You can start the exercise whenever you like, work through it at your own pace – but everything must be completed by 12th August. Teams won't be judged on how long they take to complete the challenge.

Places are limited to 25 teams of up to 5 participants.

Out of respect for the organisers and the judges taking their time to run this competition, we would appreciate it if you let us know if your team are no longer able to compete, by sending Retrospect Labs an email at least 48 hours beforehand. Thank-you.