infoTECH Feature

May 26, 2010

SANS Digital Forensics Contest and Summit to Combat Advanced Persistent Threat Hackers

A digital forensics contest based on real-world malicious software will push investigators to learn and improve their detective skills - as advanced persistent threat hacking groups achieve new levels of success.

The contest's theme - how to combat complex threats - is tied directly to the 2010 Digital Forensics and Incident Response Summit sponsored by the SANS Institute.

Sherri Davidoff, Eric Fulton, and Jonathan Ham structured the contest partially around the threat posed by advanced persistent threat hackers, and their potential to steal intellectual property with a targeted attack (spear phishing).

Here is the background: Ann Dercover is after SaucyCorp's secret sauce recipe. She's been trailing the lead developer, Vick Timmes, to figure out how she can remotely access SaucyCorp's servers. One night, while conducting reconnaissance, she sees him log into his laptop. Ann launches a client-side spear phishing attack against Vick Timmes. Ann carefully crafts an email to Vick containing tips on how to improve secret sauce recipes and sends it. Seeing an opportunity that could get him that vice president of product development title (and that corner office) that he's been coveting, Vick clicks on the link. Ann is ready to strike.

"I'm proud to announce that Jonathan and Sherri have created an amazing contest that will challenge you to use sophisticated skills and help you see the types of attacks that could be infecting your networks today," said Rob Lee, program chair, 2010 Digital Forensics and Incident Response Summit.

"Using published information based on the Aurora attacks, Sherri, Eric, and Jonathan set out to recreate a sequence of events that demonstrate the challenge investigators will face," Lee said. "This contest is a step in the right direction to help educate and challenge forensic professionals around the country."

Contest rules are available on the SANS website.

The contest submission deadline is June 27, 2010. The most elegant solution wins, but in the event of a tie, the entry submitted first will receive a prize. Each of the top three teams will be awarded one of the following three prizes: Two Lenovo Ideapad-configured netbooks, free passes to the 2011 Incident Response and Forensics Summit, or one iPad 3G sponsored by NetWitness.

The contest and summit couldn't have come soon enough, organizers say. Over 30 companies have been compromised by advanced persistent threat hackers. And as hackers get bolder, the emphasis falls on finding more sophisticated incident responders and investigators. A properly trained incident responder could be the only defense an organization has left in place after a compromise.

The 2010 Digital Forensics and Incident Response Summit's focus this year is on examining and advancing the digital forensic professional to deal with advanced threats such as those presented by advanced persistent threat hackers.

The SANS Institute recently partnered with Trusted Computer Solutions, Inc., a developer of cross-domain and cyber-security solutions, in a webcast about a review by SANS of a TCS automated operating system lock down tool.


Ed Silverstein is a contributing editor for TMCnet's InfoTech Spotlight. To read more of his articles, please visit his columnist page.