04 March 2021

Professional SOC Team World Championship

See the 2021 Winners

the 2021 Competitors:



SOC X™ is not a game or trivia challenge. It is a pure test of a professional team’s ability to detect, investigate, and remediate a hyper-realistic APT level attack on a live-fire enterprise network.

SOC X is not just another local Blue Team competition. It is the Security Operations World Championship bringing together the best professional SOC and IR teams globally.

SOC X is not sponsored by a tool vendor to promote expensive software licenses. It is a demonstration that teams are more important than tools.

SOC X is not an individual competition. It is a test of professionals in the team sport of digital forensics and incident response.
Close X


We invite public and private organizations from around the world to field a single team of their five best SOC and IR operators. From remote locations, teams will simultaneously face Advanced Persistent Threats on a live-fire network. All participants will be on a level playing field using the same suite of digital forensics & incident response tools.


All too often security operations teams only receive attention when something goes wrong. Not any longer. Now is the chance to put best to the test, and prove for the first time which SOC or IR team deserves the title of World Champion. Will that be you?

Next SOC X: 02 March 2023

1500-2300 UTC (0900-1700 CST)
Follow the action live on
Join the conversation on


for updates and registration information
Close X

Subscribe for Updates


Frequently Asked Questions

What is SOC X?

SOC X is the Professional SOC Team World Championships. It brings together the best SOC and IR Teams in the world to compete on what counts: the detection, investigation, and remediation of hyper-realistic APT level attacks on a live-fire enterprise network.

SOC X is unique among “blue team competitions.” It is the world’s premier security operations competition because it is a pure test of your team’s actual response capabilities. It is not a game. There are no puzzles or trivia quizzes or multiple choice questions. It does not promote a vendor’s commercial tool. It is a live enterprise network, a full suite of digital forensics & incident response tools, and authentic APT attacks.

What is the purpose of SOC X?

The purpose of SOC X is to give the best professional SOC and IR teams in the world an opportunity to test their skills and see how they stack up. More broadly, it is intended to inspire all security operations teams to build their capabilities by demonstrating the art of the possible.

What is the cost?

There is no cost to compete.

Who can compete?

Professional SOC and IR teams of up to 5 people.

Because the goal of SOC X is to inspire and test teams, each team member must be from the same organization and must use their sponsoring organization’s email to register together.

Only one team per organization can compete. Send us your best. This allows as many organizations as possible to compete and prevents collusion between multiple teams from the same organization.

Why only professional teams? Can I play if I am not on a professional security operations team?

SOC X is a team competition and specifically created to test the construct of the professional team. The scenarios are expert level. It is our opportunity to inspire professional teams to raise the bar.

For individuals and community teams of every skill level, we offer far more frequent opportunities to compete with OpenSOC.

Can I participate as a military team?

Absolutely. We only ask that you coordinate across your unit/squadron and limit your signups to 1 team. Bring your best!

Who Hosts SOC X?

Recon Infosec, the team that brought you OpenSOC and the Network Defense Range.

Can my organization enter more than one team?

No. Only one team per organization can compete. Send us your best. This allows as many organizations as possible to compete and prevents collusion between multiple teams from the same organization.

Is SOC X the same thing as OpenSOC?

No. The purpose of OpenSOC is to support open source projects and give back to the community. It is designed to encourage people new to security operations to try it out and intermediate and advanced analysts to practice their skills. OpenSOC has a mix of beginner, intermediate, and advanced challenges. It is always free. It is run multiple times throughout the year at events such as DEFCON and BSides.

SOC X is designed to test the best security operations teams on the planet. It is focused on professional teams, and consists only of expert scenarios.

Is SOC X the same thing as the Network Defense Range?

No. SOC X is the Professional SOC Team World Championships and is run on the Recon Network Defense Range (NDR) . NDR is the platform which includes a live enterprise network, a complete set of digital forensics and incident response tools, and hyper-realistic live attacks. The Recon Network Defense Range also enables public and private security operations training courses, the Recon Threat Hunter Academy, Black Hat Trainings, and OpenSOC.

What tools will I be using?

SOC X is built on a suite of open source tools that provide amazing capability to hunters and responders.

Kibana is an open source frontend application that sits on top of the Elastic Stack, providing search and data visualization capabilities for data indexed in Elasticsearch. Visit the Kibana site.

Arkime (formerly Moloch) is a large-scale, open source, full packet capturing, indexing, and database system. Through storage and indexing network traffic PCAPs, Arkime provides a fast, robust visual platform to analyze network traffic. Visit the Arkime site.

osquery is an operating system instrumentation framework for macOS, Windows, and Linux. You can use it to get statistics about your environment, but we like to use it for threat hunting and finding evil. Visit the osquery site.

Can I bring my own tool, software, agent, etc.?

No. The environment will be prebuilt with a set of detection capabilities and no additions are permitted during the event. You are, however, permitted to use whatever you deem necessary on your own client.

Are there awards for the winner(s)?

The winning team(s) will receive an amazing trophy and permanent recognition on this site for the champion(s).

How do I apply?

More information on the event, including the application process, will be announced in the future. Make sure you signup for updates (link) so you don’t miss out!

My team is in. Now what?

Review the SOC X Rules, make sure you are familiar with the SOC X digital forensic and incident response tools (See prior FAQ "What tools will I be using"), plan your team strategy, and be ready to roll on March 4th.
© 2020 – 2022  Recon InfoSec, Inc.
 All rights reserved.
Connect on Discord