A week-long, hands-on computer security training and exercise for cyber defenders in the Department of Energy, other government agencies, government contractors, and related critical infrastructure.
The event consists of 2 days of intensive, hands-on training, followed by a 2-day exercise designed to reinforce the training and introduce more new concepts.
First time attending?
Introduce fundamental concepts in the four elements of incident response: network archaeology, host forensics, malware analysis, and incident coordination.
Do you know what DNS and SMTP are for? Ever written a for loop in Bourne shell?
Inspect network traffic and log files to find evidence, malware, or behavior. Reverse engineer unknown binary protocols.
Have you ever worked with Alternate Data Streams? Know the difference between FAT16 and NTFS filenames?
Investigate and retrieve malicious software artifacts from Windows systems.
Does "JNE EAX EIP" mean something to you?
Analyze malware using static and dynamic analysis techniques. Monitor the actions of executing malware and extract indicators of compromise.
Want to tie it all together, ensure information is coordinated between groups, and present the final incident report?
Coordinate a large-scale incident by tying together analysts, management, IT, and other parties.
Training is followed by a 2-day puzzle-based exercise
How it works
Participants self-organize into teams.
The teams are then let loose on a free-form
set of challenges spanning multiple categories.
Teammates work together to solve puzzles,
sharing tips and making new professional contacts.
Instructors will be available to help if your team gets stuck.
In addition to puzzles developed to test
techniques taught in the previous days' tracks,
participants can unlock hidden puzzle categories
to further develop their skills in new areas through
In previous events,
participants reported making an average of 5 new
The quality of the training tracks and exercise were each rated at greater than 4.5 out of 5.
How much does this event cost?
We do not charge participants to attend this training, but you'll need to arrange your own transportation and hotel. A government-rate block of rooms may be available for the event, and instructions to reserve a room in that block will be provided at the time of registration and in your confirmation email.
Is this a conference?
No, this is not a conference. This is a training event. This event has been exempted in iPortal.
Am I registered?
You should receive a confirmation email shortly after registering. If you don't receive one or are unsure, email firstname.lastname@example.org and we'll verify your registration status.
Can I change my registration after submitting?
Yes, you can submit a new registration to replace the old one, or send an email to email@example.com with the corrections.
What do I need to bring?
You should bring a laptop with an Ethernet port, preferably running both Ubuntu and Windows. You'll also need an Ethernet cable. We recommend bringing your own Internet connection (e.g. cellular hotspot) just in case the venue's connection is poor/non-existent. Any other software/supplies should be specified in the syllabus for your track, and you should download, install, and configure any software before coming to the event.
Can you help me set up my laptop?
Yes, instructors will be available Sunday evening to help with configuration issues.
We use Cyber Fire as an opportunity to conduct research on training effectiveness, teamwork, and how
to build a community of computer security professionals. During the Cyber Fire exercise, we may observe
your activities, record when your team checks out a puzzle, your team's puzzle solutions and times they
were submitted, and your team's written comments (if any) on the puzzles. You may choose whether or not
to participate in other research activities, including talking directly to researchers and/or filling out
questionnaires and evaluation forms. We will not record your name or other information that could identify
you as an individual in any material collected for research purposes. If you have any questions or concerns
about your rights as a human subject, please contact us via the link on this page, or contact the Los Alamos
National Laboratory Human Subjects Research Review Board at (505) 667-1848 or HSRRBfirstname.lastname@example.org.