04 March 2021

Professional SOC Team World Championship


A SECURITY OPERATIONS COMPETITION LIKE NO OTHER

SOC X™ is not a game or trivia challenge. It is a pure test of a professional team’s ability to detect, investigate, and remediate a hyper-realistic APT level attack on a live-fire enterprise network.

SOC X is not just another local Blue Team competition. It is the Security Operations World Championship bringing together the best professional SOC and IR teams globally.

SOC X is not sponsored by a tool vendor to promote expensive software licenses. It is a demonstration that teams are more important than tools.

SOC X is not an individual competition. It is a test of professionals in the team sport of digital forensics and incident response.

THE WORLD’S BEST BLUE TEAMS ARE READY TO THROW DOWN

We invited public and private organizations from around the world to field a single team of their 5 best SOC and IR operators to simultaneously face Advanced Persistent Threats on a live-fire network.

We may have underestimated the demand. Since we announced SOC X we have been flooded with applications. There is not enough space for all the teams that applied. Applications are now closed and registration is complete. The competition is set.

Scroll down to see who is in, how you can follow the action, and how you can register for interest in future events.

WHO WILL BE THE 2021 WORLD CHAMPION?

All too often, security operations teams only receive attention when something goes wrong. Not any longer. Now is the chance to put the best to the test and prove for the first time which SOC or IR team deserves the title of World Champion.

Frequently Asked Questions

What is SOC X?

SOC X is the Professional SOC Team World Championships. It brings together the best SOC and IR Teams in the world to compete on what counts: the detection, investigation, and remediation of hyper-realistic APT level attacks on a live-fire enterprise network.

SOC X is unique among “blue team competitions.” It is the world’s premier security operations competition because it is a pure test of your team’s actual response capabilities. It is not a game. There are no puzzles or trivia quizzes or multiple choice questions. It does not promote a vendor’s commercial tool. It is a live enterprise network, a full suite of digital forensics & incident response tools, and authentic APT attacks.

What is the purpose of SOC X?

The purpose of SOC X is to give the best professional SOC and IR teams in the world an opportunity to test their skills and see how they stack up. More broadly, it is intended to inspire all security operations teams to build their capabilities by demonstrating the art of the possible.

When is it?

SOC X 2021 will run from 0900 to 1700 CST (1500 to 2300 UTC) on March 4th, 2021.

What is the cost?

There is no cost to compete.

Who can compete?

Professional SOC and IR teams of up to 5 people.

Because the goal of SOC X is to inspire and test teams, each team member must be from the same organization and must use their sponsoring organization’s email to register together.

Only one team per organization can compete. Send us your best. This allows as many organizations as possible to compete and prevents collusion between multiple teams from the same organization.

Why only professional teams? Can I play if I am not on a professional security operations team?

SOC X is a team competition and specifically created to test the construct of the professional team. The scenarios are expert level. It is our opportunity to inspire professional teams to raise the bar.

For individuals and community teams of every skill level, we offer far more frequent opportunities to compete with OpenSOC.

Can I participate as a military team?

Absolutely. We only ask that you coordinate across your unit/squadron and limit your signups to 1 team. Bring your best!

Who Hosts SOC X?

Recon Infosec, the team that brought you OpenSOC and the Network Defense Range.

Can my organization enter more than one team?

No. Only one team per organization can compete. Send us your best. This allows as many organizations as possible to compete and prevents collusion between multiple teams from the same organization.

Is SOC X the same thing as OpenSOC?

No. The purpose of OpenSOC is to support open source projects and give back to the community. It is designed to encourage people new to security operations to try it out and intermediate and advanced analysts to practice their skills. OpenSOC has a mix of beginner, intermediate, and advanced challenges. It is always free. It is run multiple times throughout the year at events such as DEFCON and BSides.

SOC X is designed to test the best security operations teams on the planet. It is only offered once a year, is focused on professional teams, and consists only of expert scenarios.

Is SOC X the same thing as the Network Defense Range?

No. SOC X is the Professional SOC Team World Championships and is run on the Recon Network Defense Range (NDR). NDR is the platform that includes a live enterprise network, a complete set of digital forensics and incident response tools, and hyper-realistic live attacks. The Recon Network Defense Range also enables public and private security operations training courses, the Recon Threat Hunter Academy, Black Hat Trainings, and OpenSOC.

What tools will I be using?

SOC X is built on a suite of open source tools that provide amazing capability to hunters and responders.

Kibana
Kibana is an open source frontend application that sits on top of the Elastic Stack, providing search and data visualization capabilities for data indexed in Elasticsearch. Visit the Kibana site.

Arkime
Arkime (formerly Moloch) is a large-scale, open source, full packet capturing, indexing, and database system. By storing and indexing network traffic PCAPs, Arkime provides a fast, robust visual platform to analyze network traffic. Visit the Arkime site.

osquery
osquery is an operating system instrumentation framework for macOS, Windows, and Linux. You can use it to get statistics about your environment, but we like to use it for threat hunting and finding evil. Visit the osquery site.

Can I bring my own tool, software, agent, etc.?

No. The environment will be prebuilt with a set of detection capabilities and no additions are permitted during the event. You are, however, permitted to use whatever you deem necessary on your own client.

Are there awards for the winner(s)?

The winning team(s) will receive an amazing trophy and permanent recognition on this site for the annual champion(s).

My team is in. Now what?

Review the SOC X Rules, make sure you are familiar with the SOC X digital forensics and incident response tools (see the earlier FAQ "What tools will I be using?"), plan your team strategy, and be ready to roll on March 4th.
 © 2020-2021
 Recon InfoSec, Inc.
 All rights reserved.