Cyber Fire Simulation
A Cyber Fire Simulation
Cyber Fire Simulation gives participants a week to work with actual data from an historical event, with veteran investigator assistance.
This is not an event to learn a new skill (host forensics, malware reverse engineering, etc.), but rather sharpen existing skills working with real data.
Cyber Fire Simulation is an immersive cyber security incident response exercise where attendees practice responding to an incident as a whole. Participants will be broken up into three teams -- network archaeology, malware analysis, and host forensics -- along with an incident coordinator, to re-work a prior incident. Attendees start with the initial indicator and pieces of evidence collected and work as one large team to respond to the incident. The incident response team is expected to process network traffic, event logs, packet capture, memory images, hard drive images, and windows registry, give daily briefings to executive management on the incident, make recommendations on remediation, and track infected resources, evidence, and indicators of compromise. Event staff serve as mock IT, distributing collected evidence when asked, mock counterintelligence, sharing indicators to keep the group progressing, and as general computer security experts giving other tips and tricks as needed.
What to Bring
A government owned laptop with your favorite incident response and forensics tools. Participants will be told in advance which team you will be on before the event so you can prepare your favorite tools.
When: January 22nd - 25th
Where: Information Assurance Response Center (IARC) / Nevada National Security Site (NNSS). 232 Energy Way, North Las Vegas, NV 89030