A week-long, hands-on computer security training and exercise for cyber defenders in the Department of Energy, other government agencies, government contractors, and related critical infrastructure.Register Upcoming Events
Introduce fundamental concepts in the four elements of incident response: network archaeology, host forensics, malware analysis, and incident coordination.
Coordinate a large-scale incident; tying together analysts, management, IT, and other parties.
Inspect network traffic and log files to find evidence, malware, or behavior. Reverse engineer unknown binary protocols.
Investigate and retrieve malicious software artifacts from Windows systems.
Analyze malware using static and dynamic analysis techniques. Monitor the actions of executing malware and extract indicators of compromise. Reverse engineer malware and recognize encoding schemes to decode communications. Learn about special topics including malicious document analysis, string obfuscation techniques, and YARA rule creation.
Participants self-organize into teams. The teams are then let loose on a free-form set of challenges spanning multiple categories. Teammates work together to solve puzzles, sharing tips and making new professional contacts. Instructors will be available to help if your team gets stuck.
In addition to puzzles developed to test techniques taught in the previous days' tracks, participants can unlock hidden puzzle categories to further develop their skills in new areas through learn-as-you-play exercises.
In previous events, participants reported making an average of 5 new professional contacts. The quality of the training tracks and exercise were each rated at greater than 4.5 out of 5.
We do not charge participants to attend this training, but you'll need to arrange your own transportation and hotel. A government-rate block of rooms may be available for the event, and instructions to reserve a room in that block will be provided at the time of registration and in your confirmation email.
No, this is not a conference. This is a training event. This event has been exempted in iPortal.
You should receive a confirmation email shortly after registering. If you don't receive one or are unsure, email firstname.lastname@example.org and we'll verify your registration status.
Yes, you can submit a new registration to replace the old one, or send an email to email@example.com with the corrections.
You should bring a laptop with an Ethernet port, preferably running both Ubuntu and Windows. You'll also need an Ethernet cable. We recommend bringing your own Internet connection (e.g. cellular hotspot) just in case the venue's connection is poor/non-existent. Any other software/supplies should be specified in the syllabus for your track, and you should download, install, and configure any software before coming to the event.
Yes, instructors will be available Sunday evening to help with configuration issues.
Mid to late 2017
Mid to late 2017
Cyber Inferno 2017W will be held in the Western US in mid to late 2017.
Cyber Fire 8E will be held in the Eastern US in mid to late 2017.
We use Cyber Fire as an opportunity to conduct research on training effectiveness, teamwork, and how to build a community of computer security professionals. During the Cyber Fire exercise, we may observe your activities, record when your team checks out a puzzle, your team's puzzle solutions and times they were submitted, and your team's written comments (if any) on the puzzles. You may choose whether or not to participate in other research activities, including talking directly to researchers and/or filling out questionnaires and evaluation forms. We will not record your name or other information that could identify you as an individual in any material collected for research purposes. If you have any questions or concerns about your rights as a human subject, please contact us via the link on this page, or contact the Los Alamos National Laboratory Human Subjects Research Review Board at (505) 667-1848 or HSRRBfirstname.lastname@example.org.