04 March 2021

Professional SOC Team World Championship



SOC X™ is not a game or trivia challenge. It is a pure test of a professional team’s ability to detect, investigate, and remediate a hyper-realistic APT level attack on a live-fire enterprise network.

SOC X is not just another local Blue Team competition. It is the Security Operations World Championship bringing together the best professional SOC and IR teams globally.

SOC X is not sponsored by a tool vendor to promote expensive software licenses. It is a demonstration that teams are more important than tools.

SOC X is not an individual competition. It is a test of professionals in the team sport of digital forensics and incident response.

Compete Alongside the Best Blue Teams in the World

Public and private organizations from around the world may field a single team of their 5 best SOC and IR operators. From remote locations, teams will simultaneously face Advanced Persistent Threats on a live-fire network. All participants will be on a level playing field using the same suite of digital forensics & incident response tools.

See How Your Team Stacks Up

Teams will be scored and ranked based upon objective measures of how they detect and investigate the threat. All teams will see how they stacked up, but only the top teams are publicly recognized.

Earn the Title: World Champion

All too often, security operations teams only receive attention when something goes wrong. Not any longer. Now is the chance to put the best to the test and prove for the first time which SOC or IR team deserves the title of World Champion. Will that be you? Apply now to compete at SOC X to find out.
When: 04 March 2021, 0900-1700 CST
Where: Online
Who: By Application/Acceptance Only


Space is Limited

Frequently Asked Questions

What is SOC X?

SOC X is the Professional SOC Team World Championships. It brings together the best SOC and IR Teams in the world to compete on what counts: the detection, investigation, and remediation of hyper-realistic APT level attacks on a live-fire enterprise network.

SOC X is unique among “blue team competitions.” It is the world’s premier security operations competition because it is a pure test of your team’s actual response capabilities. It is not a game. There are no puzzles or trivia quizzes or multiple choice questions. It does not promote a vendor’s commercial tool. It is a live enterprise network, a full suite of digital forensics & incident response tools, and authentic APT attacks.

What is the purpose of SOC X?

The purpose of SOC X is to give the best professional SOC and IR teams in the world an opportunity to test their skills and see how they stack up. More broadly, it is intended to inspire all security operations teams to build their capabilities by demonstrating the art of the possible.

When is it?

SOC X 2021 will run from 0900 to 1700 CST (1500 to 2300 UTC) on March 4th, 2021.

What is the cost?

There is no cost to compete.

Who can compete?

Professional SOC and IR teams of up to 5 people.

Because the goal of SOC X is to inspire and test teams, each team member must be from the same organization and must use their sponsoring organization’s email to register together.

Only one team per organization can compete. Send us your best. This allows as many organizations as possible to compete and prevents collusion between multiple teams from the same organization.

Why only professional teams? Can I play if I am not on a professional security operations team?

SOC X is a team competition and specifically created to test the construct of the professional team. The scenarios are expert level. It is our opportunity to inspire professional teams to raise the bar.

For individuals and community teams of every skill level, we offer far more frequent opportunities to compete with OpenSOC.

Can I participate as a military team?

Absolutely. We only ask that you coordinate across your unit/squadron and limit your signups to 1 team. Bring your best!

Who Hosts SOC X?

Recon Infosec, the team that brought you OpenSOC and the Network Defense Range.

Can my organization enter more than one team?

No. Only one team per organization can compete. Send us your best. This allows as many organizations as possible to compete and prevents collusion between multiple teams from the same organization.

Is SOC X the same thing as OpenSOC?

No. The purpose of OpenSOC is to support open source projects and give back to the community. It is designed to encourage people new to security operations to try it out and intermediate and advanced analysts to practice their skills. OpenSOC has a mix of beginner, intermediate, and advanced challenges. It is always free. It is run multiple times throughout the year at events such as DEFCON and BSides.

SOC X is designed to test the best security operations teams on the planet. It is only offered once a year, is focused on professional teams, and consists only of expert scenarios.

Is SOC X the same thing as the Network Defense Range?

No. SOC X is the Professional SOC Team World Championships and is run on the Recon Network Defense Range (NDR). NDR is the platform, which includes a live enterprise network, a complete set of digital forensics and incident response tools, and hyper-realistic live attacks. The Recon Network Defense Range also enables public and private security operations training courses, the Recon Threat Hunter Academy, Black Hat Trainings, and OpenSOC.

What tools will I be using?

SOC X is built on a suite of open source tools that provide amazing capability to hunters and responders.

Kibana is an open source frontend application that sits on top of the Elastic Stack, providing search and data visualization capabilities for data indexed in Elasticsearch. Visit the Kibana site.

Arkime (formerly Moloch) is a large-scale, open source, full packet capturing, indexing, and database system. By storing and indexing network traffic PCAPs, Arkime provides a fast, robust visual platform to analyze network traffic. Visit the Arkime site.

osquery is an operating system instrumentation framework for macOS, Windows, and Linux. You can use it to get statistics about your environment, but we like to use it for threat hunting and finding evil. Visit the osquery site.

Can I bring my own tool, software, agent, etc.?

No. The environment will be prebuilt with a set of detection capabilities and no additions are permitted during the event. You are, however, permitted to use whatever you deem necessary on your own client.

Are there awards for the winner(s)?

The winning team(s) will receive an amazing trophy and permanent recognition on this site for the annual champion(s).

My team is in. Now what?

Fill out the team application. There is no cost to apply. A limited number of teams will be accepted. You will be notified no later than February 15th.
 © 2020-2021
 Recon InfoSec, Inc.
 All rights reserved.