Registration has closed
Participation is limited to US Citizens associated with the Department of Energy (federal employees, contractors, etc.).
Participants will be broken up into three teams, network archaeology, malware analysis, and host forensics, along with an incident coordinator, to re-work a prior incident. Participants are given the initial indicator of compromise and initial piece of evidence collected and then work with a mock IT and CI team to gather new evidence to solve the incident.
This is not an event to learn a new skill (host forensics, malware reverse engineering, etc.), but rather sharpen existing skills working with real data.