BlackBerry ThreatVector Blog

BlackBerry Triumphs at SOC X Championship

NEWS / 03.15.21 / Tony Lee

On March 4, 2021, Team BlackBerry took first place in the SOC X World Championship. A competition like no other, SOC X brings together 50 of the best Security Operations Center (SOC) and Incident Response (IR) teams from around the globe to compete against one another and prove their real-life response capabilities during authentic, advanced persistent threat (APT) attacks.

Unlike other Blue Team competitions, SOC X is not sponsored by a vendor and does not require use of a specific vendor-sponsored toolset. Instead, the event focuses on participants’ raw and diverse security skillsets.

Over the course of just eight hours, competing teams were presented with three scenarios, containing up to 400 questions, packed full of real-world incidents to detect, investigate and remediate. Data included phishing emails, maldocs, malicious executables, persistence, and lateral movement. The BlackBerry IR team made use of its host- and network-based forensic knowledge and malware reverse engineering skills to remediate the incidents. Questions were often sequential and relied on previously discovered knowledge to solve, while others were more open-ended and required prior documentation gathered by the BlackBerry IR team.

Responding to the hyper-realistic APT attacks, BlackBerry’s strategy was to divide the five-man team according to individual skills and strengths, with two of the team members taking ownership of malware reversing, and the other three experts in host and network forensics. The team communicated constantly throughout and fully documented questions and answers to effectively hand off incident threads between each other when needed.

The competition was tough, but BlackBerry outperformed 49 other SOC teams to take home the prize. Everyone involved had a great time sharpening their skills and advancing their training for real-world scenarios.

Congratulations to the entire BlackBerry Incident Response Team, and especially those who represented us in the competition:

  • Codi Starks
  • Ryan Chapman
  • Chapin Bryce
  • Will Ikard
  • Rocky De Wiest

The BlackBerry® Security Services team performs a wide variety of Digital Forensic/Incident Response (DFIR) services for clients. Leveraging a world-class forensic laboratory, the IR team is able to quickly secure the chain of evidence and process data and devices. 

Learn more about how the BlackBerry IR team helps customers resolve cyber incidents. 


About Tony Lee

Vice President, Global Services Technical Operations, BlackBerry

Tony Lee has more than fifteen years of professional research and consulting experience pursuing his passion in all areas of information security.

As an avid educator, Tony has instructed thousands of students at many venues worldwide, including government, universities, corporations, and conferences such as Black Hat. He takes every opportunity to share knowledge as a contributing author to Hacking Exposed 7, and is also a frequent blogger, researcher, and author of white papers on topics including Citrix Security, the China Chopper Web shell, and Cisco's SYNful Knock router implant.

Over the years, he has contributed many tools to the security community such as UnBup, Forensic Investigator Splunk app, and CyBot, the extensible Threat Intelligence Bot framework designed for anyone from a home user to a SOC analyst.