Tracer FIRE is a program developed by Sandia and Los Alamos National Laboratories to educate and train Cyber-Security Incident Responders, Analysts, and University Students, in critical skill areas including: incident response, forensic investigation and analysis, file systems, memory layout and malware analysis.

Goal:

The objective of this event is to provide undergraduate students with the opportunity to participate in their first Capture the Flag challenge and become accustomed to working in a collaborative team setting. 

Additionally, graduate students were given the chance to participate to further enhance their skill. 

Benefits:

• Networking opportunities. Sandia National Laboratory (SNL) representatives networked with students and provided internship opportunites

• Improved soft skills. Students had to actively communicate and listen to efficiency complete the challenges

• Learning opportunities. Students learned about software and techniques used by SNL and some students were introduced to the field of cybersecurity

Number of Participants:

112 total participants, with 20 students from University of Nevada Las Vegas.

Student Demographic:

Majors of Students:

75%, Bachelors of Computer Science

10%, Masters of Cybersecurity

5%, Bachelors of Cybersecurity

5%, Exploring Majors

Gender of Students:

80%, Male

20%, Female

Academic Standing:

90%, Undergraduate

• 4 Freshmen

• 5 Sophomore

• 5 Juniors

• 4 Seniors

10%, Graduate

• 2 Masters

Student Testimonies:

"The Tracer Fire CTF was my first official CTF and for the first time competing I’d say that it was definitely challenging me to explore and learn with different tools such as Autopsy, Velociraptor and Kibana which was my personal favorite...Overall I enjoyed the Sandia CTF and it has showed me what I can expect from real world." - Arturo, Computer Science Undergraduate

"Id say sandia CTF couldnt have been a better first CTF to go to. It was a great experience and it was really cool to understand the different tools you have to use...Overall a really awesome experience id happily do again!" - Faris, Computer Science Undergraduate

"For my first "college level" CTF, that was a swell time I'm NGL it was not what I expected at all however, I believe I learned a lot and became more invested into cybersecurity offensive concepts after the session... Overall, I thank Sandia and Man and I'm hyped to do another CTF" - Gabriel, Computer Science Undergraduate

"I learned how to use Autopsy as a tool to view metadata from emails...I also learned how to use Elastic which works similar to Splunk, allowing a cyber professional to query data needed to observe attacks/events." - Rebecca, Computer Science Undergraduate

"Tracer FIRE XI was a well-balanced program that was accessible for beginners yet also stimulating for more experienced participants. Tools such as Kibana, Velociraptor, Autopsy, and Arkime were presented and explained... Personally, as a beginner, the information and scope was overwhelming, but I appreciate the opportunity to grow my skills and network with like minded individuals." Zo Fredroe, Computer Science Undergraduate

"While my team didn't place 1st for the CTF but got 1st for UNLV, it was still extremely enjoyable, as it really got me thinking of where I could improve when it comes to incident response and how we as a university could improve for future CTFs with an incident response theme or setup....Overall a great event and looking forward to the next TracerFire CTF!" - Angel, Cybersecurity Undergraduate

Outcome:

Overall, the event accomplished the project goal of this initiative: to provide undergraduate students with their first Capture the Flag experience and engaging in team collaboration. The metric of success was measured by the tesimonals from the students. This event would not have been possible with the support and guidance from the following individuals: Kevin, Casey, Dr. Kim and Dr. Jo.

Location : SEB 1243

Dates: October 20th - 22nd

Communications (Send your email to vum6@unlv.nevada.edu) : Click Me

Friday, October 20th 2023

• 6:00 PM - 6:10 PM  Tracer FIRE Introductions

• 6:10 PM - 6:30 PM  IR and Cybersecurity Talk

• 6:30 PM - 7:00 PM Sandia Info Session

• 7:00 PM - 8:00 PM Chat with the Tracer FIRE Team

Saturday, October 21st 2023

• 9:30 AM - 10:00 AM     Breakfast

• 10:00 AM - 10:15 AM Tracer FIRE Account Setup

• 10:15 AM - 10:30 AM Introduction to Sysmon & Windows Event Logs

• 10:30 AM - 11:00AM     Introduction to Elastic Stack

• 11:00 AM - 11:15 AM     Introduction to Disk Forensics with Autopsy

• 11:15 AM - 11:25AM     Break

• 11:25AM- 12:00 PM     Introduction to Disk Forensics with Velociraptor

• 12:00 PM - 1:30 PM     Lunch

• 1:30 PM - 1:45 PM     Cyber Assurance Presentation

• 1:45 PM - 2:15 PM     Introduction to RE with Ghidra

• 2:15 PM - 2:30 PM     Introduction to PCAP Analysis with Arkime

• 2:30 PM - 2:40 PM   TF11 Story Overview

• 2:40 PM - 5:45 PM   Chat with the Tracer FIRE Team

• 5:45 PM - 6:00 PM   TF11 Exercise will Remain Open (without support)

• 6:00 PM   Dinner

Sunday, October 22nd 2023

10:30 AM - 2:30 PM TF11 Exercise (with support)

2:30 PM - 2:50 PM Preparations - Team Debriefs (Scoring Pause)

2:50 PM - 3:50 PM Private Top Team Debriefs (Optional)

3:50 PM - 4:00 PM Debrief Point Deliberations

4:00 PM - 4:30PM Scenario Overview & Closing