Cyber Fire Simulation

Cyber Fire Simulation gives participants a week to work with actual data from a historical event, with veteran investigator assistance.

Cyber Fire Simulation is an immersive cyber security incident response exercise where attendees practice responding to an incident as a whole. Participants will be broken up into three teams (network archaeology, malware analysis, and host forensics), along with an incident coordinator, to re-work a prior incident. Attendees start with the initial indicator and piece of evidence collected and work as one large team to respond to the incident. The incident response team is expected to process network traffic, event logs, packet capture, memory images, hard drive images, and the Windows registry; give daily briefings to executive management on the incident; make recommendations on remediation; and track infected resources, evidence, and indicators of compromise. Event staff serve as mock IT, distributing collected evidence when asked; as mock counterintelligence, sharing indicators to keep the group progressing; and as general computer security experts, giving other tips and tricks as needed.

What to Bring

A laptop with your favorite incident response and forensics tools. You will be told before the event which team you will be on so you can prepare your favorite tools.

Next Event

Date: November 26th-29th

Location: Argonne National Laboratory

Register: https://sites.google.com/view/cyberfire/simulation/argonne-simulation