ComfyConAU 2024 Incident Response Competition
Register nowWe are no longer accepting registrations. Good luck to all participants!
Overview
Retrospect Labs are partnering with ComfyConAU again to provide a competition style incident response exercise for cyber security professionals, enthusiasts, students, as well as those interested in the field from across Australia and New Zealand. The competition is an exciting and fun way for you to use both your technical and non-technical skills to work through a realistic cyber incident - in a self-paced way - over 10 days. You can register a team of up to five people to work through the fictious incident, completing tasks along the way. At the conclusion of the event, all of your submissions will be evaluated by the judges, with the teams who place in the top three being announced during the Closing Ceremony (more details on this to come)!
What does the competition involve?
For ten days, starting on Wednesday 27th March 2024, participants will work their way through a scenario that simulates a real-world cyber incident, impacting a fictitious organisation. The scenario is designed to test your incident response skills, and so it includes several aspects common to incident response. For example, the exercise will include forensic artefacts that participants can analyse to identify various Indicators of Compromise (IoCs), as well as understand what malicious activities have occurred and how the adversary undertook those activities (their Tactics, Techniques, and Procedure’s used). Participants will also be required to perform tasks that relate to managing the media, providing communications to senior leadership, and providing legal and privacy considerations in response to the incident. If you have an interest or skillset in these areas, you would be a beneficial addition to your team!
Throughout the exercise, teams will submit certain tasks common to incident response activities. These tasks will be reviewed by the competition judges, who will evaluate the performance of each team during the event and based on the tasks they complete we will name a winner during a Closing Ceremony!
Prizes
Some cool Retrospect Labs merch (and bragging rights of course)!
When is it running?
Competition start: Wednesday 27th March 2024 at 10am (AEDT)
Competition ends: Friday 5th April 2024 at 5pm (AEDT) prior to the kick off of ComfyCon AU
Closing Ceremony: Date to be confirmed.
Who's this for?
Anyone in Australia or New Zealand, working in cyber, studying a related degree, or if you are interested in learning more about incident response and have some basic cyber skills or knowledge, we encourage you to register a team and to give it a go!
It would be beneficial to have some SOC/Incident Response skills (some familiarity with common incident response tools or incident response frameworks). However, you do not need to have these technical skills to participate in a team.
We don’t expect you to know everything about incident response, but we want you to want to learn along the way, find out what you do enjoy about IR, and get excited about it!
Registration
For the competition, you can register a team of up to 5 members. As this event will be run virtually, leveraging Retrospect Labs cyber security exercise platform, Gauntlet, there is no need for your team members to be in the same location. Therefore, if you have some old friends or colleagues who are interstate or across the water from you, feel free to reconnect by teaming up on this exciting competition!
To register your team’s participation in this event, we ask that you make a per-team donation of $25 to either of these two amazing charities.
Once you have registered you team and we have got everything finalised, your team will receive an email with some further information and instructions. Closer to the competition start date, you will be invited to a Slack channel, which will contain a space for you to communicate with your team, and to receive any communications from the competition organisers during the event.
Please note that places are strictly limited to 20 teams for this event, and that these competitions typically fill up quite fast! If you’re not successful gaining a place this time round, be sure to keep an eye on Retrospect Labs socials, as we love running these types of competitions year-round!
We will have a wait list available, should any team withdraw their participation, we will reach out.
Registrations open – Monday 11th March 2024 at 10am (AEDT)
Registrations close – Monday 18th March 2024 at 5pm (AEDT) – If places are not fully allocated prior.
Your team will also be given access to Retrospect Labs cyber security exercise platform, Gauntlet. Gauntlet will be used for distributing the scenario (known as injects), forensic artefacts, and is where you will submit your tasks.
Response Lab
Throughout the competition, you will be able to leverage one of Gauntlet’s newest capabilities which we call, Response Lab. Response Lab is a cloud-based forensic environment, which you will be able to access directly from within Gauntlet as you work through the incident. This environment will be primed with all the tools you require to analyse the technical artefacts involved throughout the competition, and will be simply accessible from your internet browser! That means you don’t need to set up your own virtual machines or forensic labs this year! Unless you would like to use your own of course.
What else do I need to know?
Participants will be able to control the pace of the exercise and will have the flexibility to compete outside of work hours. You can start the exercise whenever you like, work through it at your own pace – but everything must be completed by 5th April. Teams won't be judged on how long they take to complete the challenge.
Places are limited to 20 teams of up to 5 participants.
Out of respect for the organisers and the judges taking their time to run this competition, we would appreciate it if you let us know if your team are no longer able to compete, by sending Retrospect Labs an email at least 48 hours beforehand. Thank you.