Skip to content


It’s that time of year again - DEF CON! We were thrilled to run OpenSOC again at DEF CON this year, even if it had to be virtual (fingers crossed we’re all in person again in 2022).

We kept our 2 day event format from the last few years: all day general round, and finals for the top 20 teams the next day. We did have a surprise for the finalists--instead of the usual scenarios already in progress in our range, they got 14 data dumps and had to use memory and disk forensic analysis to get through the challenges. As real life and as challenging as possible.


  • 249 participants
  • 90 teams
  • Over 1,100 challenges
  • ~5.2 osquery Queries Per Minute
  • ~106 Kibana Queries Per Minute
  • ~134 Arkime Queries Per Minute
  • 14+ hours of competition


We ran 14 scenarios with almost 700 challenges in the general round. The finals round included 2 scenarios with over 400 challenges.

That’s over 1,100 challenges that had to be prepared, written, executed, and validated several times ahead of the event. The OpenSOC team showed up and came through big, making sure all of these were ready for the best and to keep teams busy for 2 full days at DEF CON.


We had no hiccups throughout the event, and we were THRILLED.


Huge congratulations to our top 5 teams!

  1. Blackberry - IR1
  2. Farming Simulator 2: Electric Boogaloo
  3. Blackberry - IR2
  4. The Scoreboard is Down
  5. Don’t Fancy it Really

Also a shout out to EagleManDFIR for being the only solo player to make the finals!


Thank You

As always, we can’t put on an event like this without you. Thank you to everyone who jumped in, mentored others throughout the event, answered questions, and just helped the community!

We hope everyone had a great time! We love running OpenSOC and wouldn’t be able to do it without this entire team. We spent countless hours working together to make this event a success.

One of the best parts of OpenSOC is being able to give back to a community that has provided us with so much of what we use and rely on every day--thank you for helping us continue to grow that. We hope to see you at one of our next events, and hopefully in person again soon!

Follow us on Twitter and LinkedIn to stay up to date with the latest Recon news, and also check out our training offerings if you want to get your team involved.