On March 4, 2021, Team BlackBerry took first place in the SOC X World Championship. A competition like no other, SOC X brings together 50 of the best Security Operations Center (SOC) and Incident Response (IR) teams from around the globe to compete against one another and prove their real-life response capabilities during authentic, advanced persistent threat (APT) attacks.
Unlike other Blue Team competitions, SOC X is not sponsored by a vendor and does not require the use of a specific vendor-sponsored toolset. Instead, the event focuses on participants’ raw and diverse security skillsets.
Over the course of just eight hours, competing teams were presented with three scenarios, containing up to 400 questions, packed full of real-world incidents to detect, investigate and remediate. Data included phishing emails, maldocs, malicious executables, persistence, and lateral movement. The BlackBerry IR team made use of its host- and network-based forensic knowledge and its malware reverse engineering skills to remediate the incidents. Some questions were sequential and relied on previously discovered knowledge to solve, while others were more open-ended and required prior documentation gathered by the BlackBerry IR team.
Responding to the hyper-realistic APT attacks, BlackBerry’s strategy was to divide the five-man team according to individual skills and strengths, with two of the team members taking ownership of malware reversing, and the other three, experts in host and network forensics, handling that side of the investigation. The team communicated constantly throughout and fully documented questions and answers so that incident threads could be handed off effectively between members when needed.
The competition was tough, but BlackBerry outperformed 49 other SOC teams to take home the prize. Everyone involved had a great time sharpening their skills and advancing their training for real-world scenarios.
Congratulations to the entire BlackBerry Incident Response Team, and especially those who represented us in the competition:
- Codi Starks
- Ryan Chapman
- Chapin Bryce
- Will Ikard
- Rocky De Wiest
The BlackBerry® Security Services team performs a wide variety of Digital Forensic/Incident Response (DFIR) services for clients. Leveraging a world-class forensic laboratory, the IR team is able to quickly secure the chain of evidence and process data and devices.
Learn more about how the BlackBerry IR team helps customers resolve cyber incidents.