Teams will have access to a compromised network and a set of integrated digital forensics and incident response tools (see DFIR Tools list on the SOC X website).
The Scoreboard will unlock questions sequentially and unlock new threads from time to time. The Scoreboard will track and present all teams by the number of points.
Just like in the real world, speed counts. There are multiple compromises and hundreds of questions.
Just like in the real world, accuracy counts. You can’t guess your way through a real incident investigation. Therefore, challenge questions offer a limited number of correct answer attempts. Most questions will lock after four incorrect answers. Some specifically flagged questions only offer one or two attempts.. Answer carefully because once a question is locked, you will be locked out of the rest of that investigation thread. Do not ask for an unlock unless you feel there is a technical issue with the challenge itself.
The team with the highest number of total points at the end of the competition is the Winning Team. The place of teams finishing with the same number of points will be determined by the chronological order with which they achieved that score.
Teams may not consist of more than the five (5) originally registered individuals. This will be closely monitored by SOC X staff throughout the event.
Teams may not broadcast, screen share, or in any other way share competition material during the event. Posting materials (videos, blog posts, etc) after the event is allowed.
Teams may not interact with the scoreboard or range systems in a way that is unintended or unreasonable. This includes but is not limited to probing for vulnerabilities, trying to access locked/protected content, trying to access answers or queries submitted by other teams, etc.
Teams are allowed to use any tools they choose, so long as the tool does not interfere with the range or the experience of other participants which precludes any tools that would need to be installed inside the range. In other words, you can use any tool you have local on your own system, but you cannot install anything inside the range environment.
