This year, we'll be hosting the Splunk Boss of the SOC (BOTS) contest during Insomni'hack, on the afternoon of Thursday the 22nd.
BOTS is a blue-team CTF where participants use Splunk — and other tools — to answer a variety of questions about security incidents that have occurred in a realistic but fictitious enterprise environment. It's designed to emulate what real security incidents look like and the type of questions analysts have to answer. You’ll be taking on the role of an incident responder, facing down an adversary at all stages of an attack.
The event will take place on the 22nd of March and will last for 3 to 4 hours. You will play in a team of 1-4 people and compete against other participants. In the competition, your team plays the role of the quirky Security Analyst “Alice Bluebird” who goes from organization to organization helping investigate security incidents using Splunk. Each team is presented with a list of questions of varying difficulty through an automated BOTS scoring server. Each correct answer will be rewarded with a number of points proportional to the question's difficulty. All questions require you to use Splunk to search, but not all questions can be answered without the help of other open source intelligence resources. Just like in the real world.
So what's next?
You don’t know Splunk yet? No problem! Check out our "Hunting with Splunk: The Basics", which has been created specifically to prepare teams for what they will face in BOTS.
You don’t feel comfortable enough yet but would love to try it with a team? Drop us an email at bots [at] insomnihack [dot] ch.
The event is open to everyone! You must register to participate: http://live.splunk.com/BOTS_Geneva_2018. Please note that registration for the BOTS does not grant entry to the conferences, only to the BOTS contest.
Offensive or defensive, don’t miss our CTF events at Insomni’hack 2018!