it's hard to put into words how much running OpenSOC has meant over the years. but i'm gonna try.
i'll spare the repetitiveness--a brief summary of what OpenSOC is, if you're unfamiliar, is above. but it has become so much more than that.
what started as Eric's brainchild years ago, a project he started in order to train his own SOC at his previous job, evolved into one of our biggest contributions, if not the biggest, to the infosec community after we joined forces.
we poured 5 years of literal blood, sweat, and tears into building and evolving and growing OpenSOC, almost exclusively because we knew how much of an impact it had on the people who played. job opportunities, learning opportunities, an intellectual challenge. it was a grind, but a worthy grind.
it is something we are truly proud of. something i am truly proud of, and am honored to be a part of.
OpenSOC got me a keynote address at one of the best security conferences in the industry. OpenSOC allowed me to grow my skillsets a hundred fold. OpenSOC introduced me to some of the best and brightest people in the security field, some of whom contributed to it in huge ways. OpenSOC was a catalyst for Recon, for our team, my career, and my personal life.
i'd like to highlight some of the best parts from each of our events. picking less than a dozen photos for some of these was basically impossible.
this was our first public event. 4 of us headed to south dakota, not knowing that basically a blizzard was waiting for us upon arrival. we got rental cars and ventured into the abyss, headed for dakota state university.
we had a small classroom full of participants, Eric gave his talk, "50 shades of Graylog", and the event wound up being a success, despite some hiccups in the beginning. we learned our first lesson of traveling with the range--always have spare cables.
this was also the first and only (so far) time that i was able to make Eric laugh cry in front of a group of students and it was glorious.
this was a really fun conference. especially since it started out with an obligatory trip to fry's (RIP). we bought bawls and toys, and all was well in the world.
the event was relatively small, but it had a lot of community involvement. the lock picking crew was in the room with us, which made for great entertainment.
one of our participants even played the entire event on his phone. which is doable, since the tools are all web based, but ill-advised. he seemed to regret that decision, and i think his eyes were melting out of his head by the end, but powered through anyway.
this event was a blast. we started the trip with a Buc-ee's stop, and we were on our way to San Antonio.
we got to St. Mary's and set up shop.
the range, in all its sprawling glory.
if you look closely, you can see the toaster emblem stuck on our Ubiquiti USG. appropriate because of how hot these things get on the regular.
..we'll get back to that soon 😐
DEF CON 26
DEF CON 26 was our first big event. especially for me.
we'd been attending DEF CON for years, but we'd never run an event. this gained a lot of publicity for our small but scrappy crew. we were nervous but so, so excited.
the range had grown a little bit, and now fit in 3 pelican cases instead of 2.
i was also giving a talk that year on the Hacker Tracker, a project that has been near and dear to my heart since 2012.
this had nothing to do with OpenSOC, obviously, but it was part of what made this year so magical for me. i got to pour my heart into 2 projects that directly made an impact on a community that had already done so much for me since 2009.
OpenSOC ended up being a blast. stressful, but we made it happen.
in true Bromiley fashion, he brought us some of the best Vegas breakfast around before our event started. i will never forget eggslut sammiches as long as i live.
we had to overcome a few hurdles throughout the event, including DEF CON network issues, given the complex nature of the environment we were running.
it all worked out in the end, but for a portion of the event we ended up running the range out of one of our hotel rooms on cellular. it wasn't ideal, but it got the job done.
stats from the event are here, but we had nearly 300 people participating at our first DEF CON. the room was packed, the music was on point, the blue team village vibe was epic, and i will never forget the energy in that room.
we found ourselves with enough downtime one evening to actually roam the halls of DEF CON.
since we allowed the contest to run all night, we ran into other people at the con playing OpenSOC. for us, this was a defining "WE MADE IT!" moment.
some of these nerds ended up winning the event the following year, which would earn them a DEF CON black badge, and eventually a spot on our volunteer team.
obligatory photo of the bathtub of beer at the Graylog hotel party.
obligatory photo of Kyle and i on Fremont Street after we finished running the event.
we went out in a blaze of glory that night.
Texas Cyber Summit
Texas Cyber Summit started out with, yes, another trip to Buc-ee's. kolaches FTW. if i remember right, my flights got screwed up this year and i ended up having to drive to San Antonio from Dallas in a rental.
small sacrifice. i am always down for a road trip.
Eric, putting all the things together.
obligatory range and toaster pic.
obligatory badge pic.
we had a smaller turnout at this event, but the folks who participated were committed. one of the winners at this event also ended up being a solid member of our volunteer crew.
this photo makes me smile, and sad at the same time. Nolan was a dear friend who passed away, and our next DEF CON would have a lot of tributes to him. he was a huge part of making DEF CON 26 a success, a critical member of the blue team village, and just an amazing soul.
had a hotdog today, and funny enough, couldn't stop thinking about one of the last rants i heard this guy go on... we all miss you, @d3vnull42 💙🌭🥃😔 https://t.co/EKv2mhmN2Z — Whitney Champion 🍪🚀 infosec.exchange/@shortstack (@shortxstack) November 16, 2018
this might be my least favorite event we ever ran.
our USG overheated. which is why the toaster is appropriate (i would later draw an angry refrigerator to replace it). it bricked itself, and thank god for mr. Jack Daniel, our hero, who brought us a Sophos firewall. thank god, a second time, that Eric knew the ins and outs of those things--he rebuilt our network on the fly, while Mr. Matt Bromiley tap danced in front of our participant audience mid event to keep them entertained while they waited for us to continue.
we had a huge incident come in during the event. this meant we were running OpenSOC, and also juggling an IR, so we basically didn't get to sleep and we were angry and full of nerd rage for most of the event.
despite our setbacks, we proved once again that we could make it through just about anything. the event ended up being another success.
we had a room full of active participants, and we made some amazing connections at this event.
here's an angry Eric and Bromiley forensicating during our "downtime".
i failed at my job as photographer at this event. i only got a handful, which is very unlike me.
since much of our team is Austin based, and Eric had spoken at BSides Austin in the past, this was almost a required event for us.
pictured above--part of our Hak5 rubber ducky scenario. we ended up retiring this scenario, mostly because we had a knack for losing said ducky when we took it on trips. and it also required a physical device to maintain and configure and rely on, which ended up being more trouble than it was worth. as you can see. computers are fun.
at some point during this event, something went wrong unrelated to OpenSOC (related to dayjob) so i spent much of the event heads down troubleshooting instead of enjoying the conference.
another success, however, and a great turnout.
DEF CON 27
oh, how i equally loathed and absolutely loved this event. let me first set the stage by saying that the pressure was turned all the way up for this one.
- we had already run one OpenSOC at DEF CON, and we knew it was going to be more participants, more scenarios, more everything than the last one.
- we were running this event immediately after running our 4 day training at Black Hat, which was where most of the pressure came from... we had hard drives failing in the range that required more than one RAID rebuild during the training days.
- the stress of the above 2 points was enough to send me into full body hives within hours of wheels down in Las Vegas. since i had never had hives before, i didn't know what was happening, and thought it was some crazy allergic reaction to something in the hotel. spoiler--it was just stress. severe stress.
here's me about an hour after i got to Las Vegas and settled into my hotel room.
here's my leg about an hour later. this was all over me. all. over. i'm literally getting goosebumps and chills looking at this now because i remember how uncomfortable i was for the next 4 days.
that night, i was already losing my mind. i went all over mandalay and the luxor looking for a blanket or a sheet that wasn't hotel distributed and found nothing but this by the wee hours of the morning--a giant shark blanket. i would sleep on it for the next few nights until i realized that it had nothing to do with the sheets at all.
i woke up every hour or so every night to rub cold soda cans and washcloths soaked in ice water on my skin. i rotated towels lined with ice cubes in my bed so i could find some relief. cold showers were the only kind i took, and i stayed on a constant drip of benadryl, whiskey, and cough drops. it was awful. the saving grace those first few days was that the halls of Black Hat are always freezing and so are the classrooms, and the women's bathrooms were almost always empty when i needed to disappear to breathe.
if you didn't know how much stress and anxiety could manifest itself physically, i was a walking demonstration of what not to do.
the range no longer lived in the pelican cases that year. we upgraded to the big guy on the right corner.
so big that it was driven to Las Vegas, and then we had to rent a car to move it from Mandalay Bay to the Flamingo to transfer it from Black Hat to DEF CON. you could hear its wheels echoing as it rolled through the casino floor.
it was beautiful. 🥲
so Black Hat ended, which meant much of the stress had subsided. it was wildly successful, so in the end it was all worth it.
this was also about the time i realized that i wasn't dying of some weird plague or allergy and that it was all self inflicted and that's equally bad, but less scary. the hives began subsiding over the next several hours after Black Hat ended. the more you know.
our shirts were shipped to the hotel, and i'd just like to point out how badass they were that year.
these Hacker Tracker signs were new that year, and made me oh so proud. <3
the range, big and beautiful and glowing, during OpenSOC in the Blue Team Village.
range-ops-ing during the event.
shots of the village at peak OpenSOC. that room was magical.
some of the organizers set this up for Nolan in the village. his parents came that year, and we honored him with the scenario we wrote featuring little snippets of him. his parents talked with all of us and i was in tears.
some of our crew and some of the BTV organizers, and a badge for Nolan. <3
obligatory DEF CON shenanigans.
v3rbaal and h4r0ld got married at DEF CON that year, in the Blue Team Village. the village that they met through and organized together across continents. freaking epic. i love those two.
badge hacking at dinner. outside. in the heat. i'd just like to note that it was sweet, sweet relief to be able to be outside in the heat and not burst into bright red death all over finally.
the art that year was just so cool.
here is some of our crew waiting for our turn at the closing ceremonies. the first DEF CON closing ceremony i've ever attended to date, and i've been going since 2009. it was massive and crowded and i immediately remembered why i never went.
the moment we had all been waiting for. OpenSOC was deemed a Black Badge event that year, which was a massive honor and testament to all of our efforts. we were to speak at the closing ceremonies and present the Black Badges to the winning team and talk a little about OpenSOC. this was both terrifying and incredible.
the last ridiculous part of the whole event was when i left for the airport, already late, got out of the taxi, and my phone fell out of my lap and into the road. i didn't notice. a car ran over it. i had already gone inside, had a minor panic attack, ran outside, and someone found it and returned it to a desk. somehow, it was still somewhat functional (albeit slightly dangerous with shards of glass poking me in the fingers and face, screen flickering) and i didn't miss my flight.
Texas Cyber Summit
this was now our second TCS event, and this one had a better turnout than the first. the event was bigger with more attendees in general, and we had a great class.
getting the room set up the night before.
i love this picture of me because this scooter would later kick my ass. we'll get to that.
obligatory badge pic. you'll notice... the year is wrong. this was actually TCS 2019. i don't know.
obligatory Hackers viewing during the event.
obligatory Texas shaped waffles. until that day, i had no idea this was a thing. where i come from, they don't make Carolina shaped waffles. either that, or i missed out for 35 years.
the scooter i mentioned. this is what it did to me. we all went out on scooters for dinner and drinks, and on the way there, i hit a bump and wound up with several more. my knees were effed, and i literally showed San Antonio my ass.
don't scooter in a skirt.
i haven't scootered since.
peak OpenSOC during the event!
TCS closing ceremonies. this event was a blast and i spent some time on the San Antonio Riverwalk after the event was over before heading home. the Iron Cactus is a forever favorite.
i'm posting this picture because this was the first time i wore these pants in public. on the plane to DC. i got some spectacular double takes.
luckily, we didn't have an IR blow up during this BSides DC. but we did have other issues. like the air conditioning not working in the room. and if i remember right, we had another issue with another USG crapping out mid event and Bromiley had to do more tap dancing until we got the issue resolved.
we stayed at my most favorite hotel for this event. i had never stayed at a Moxy before but i absolutely have to stay at one again. it was a blast. and they give you a free drink coin/token upon arrival.
the whole place just looked and felt like a party.
they had shuffleboard in the lobby, and some other games.
Aaron and Eric snuggling in the lounge.
obligatory badge pic. i loved this year's badge.
our very hot room.
do you know what happens when you cram a hundred nerds and a hundred laptops into a room and turn the AC off? take a guess.
this was our first CactusCon, and quickly became one of our favorite conferences to attend. good people, a lot of blue team focus, wicked cool art, great talks, just a fun vibe all around.
how cool are all of these?! ^^^
mr. Bromiley being the best hype man, as always.
another fun fact about mr. Bromiley--he always knows where the good food is. or how to find it. if you're ever in Mesa, this place is amazing.
this event was a hit--so much so that job offers and connections were made between teams and organizers.
"reasons we do this for 500, Alex"
i also had the honor of keynoting this event. the best part--i got to talk about everything we had poured into OpenSOC up until that point.
if you look closely, you can almost see me over the podium.
another fun fact about mr. Bromiley--he will buy you shots of whiskey before you have to give a talk because he believes in you, but also knows how terrified you are.
we got to bring OpenSOC. nerds got to play OpenSOC. we got to speak about OpenSOC. and we got to eat delicious food. 5 stars, would attend again.
and then the world got weird. it's hard to fathom that it's been 3 years now, almost to the day, that the world went upside down. at least where i was living at the time. march 16, 2020. i will never forget.
here's something i don't think anyone ever knew--i drew the Camp COVID patch as a joke (we all cope differently, and i make weird "art") when all this started.
i showed the badge to Eric and he was like, we have to do this. we have to make this a thing. we asked the community, and they said yes. so we did.
Recon and the https://t.co/ppYocDgP90 team are considering running a free OpenSOC Blue Team CTF for folks looking to stay sharp while at WFH Camp COVID! Seats would be limited, but we'll support as many as we can on a first-come basis. Any interest from the #infosec crowd? pic.twitter.com/C0pejKbhRn — Recon InfoSec (@Recon_InfoSec) March 21, 2020
we ran an event in april of 2020, called Camp COVID, and it was a hit. it was a ton of work, and it was exhausting, and we were all working from home with kids and the chaos and the world ending, but we did it.
and people loved it, and people had fun, so it was worth it.
DEF CON 28
this was also a weird event. a virtual DEF CON, a first of its kind. but we still made it happen.
needless to say, we hung out in pajamas for 99% of the event.
there's Lennart being awesome, talking about Graylog. several of our friends and teammates participated in the Blue Team Village that year, including but not limited to giving demos of the tools that would be used during OpenSOC.
aaand TJ geeking out on some ELK! we love our TJ.
it was so fun to watch.
here's Eric, deep in the throes of OpenSOC.
virtual or not, running OpenSOC is rough no matter how you cut it. scenarios, scenario validation, fixing questions/answers in the scoreboard, keeping an eye on the tools throughout the event and the ops behind them, the range ops, all of it.
we could be virtual for every event and it would still be the same lift.
the best part about doing events in person is feeling the energy and being a part of the event, so, 2020 was rough, but still a success.
i'd be remiss not to show our OpenSOC shirts for 2020. epic.
a running tradition for all of our events is the "tall screenshot". i forget when it started, but i had a chrome extension that would scroll to take a screenshot of the whole page, no matter how ridiculous it was, so i was forever deemed the taker of tall screenshots.
pretty sure this is a cropped tall screenshot.
we ran an event for Grayhat 2020, and because it was 2020, it was another virtual event.
i (sadly) do not have anything from this one. 2020 was ruff.
DEF CON 29
we did DEF CON 29 a little differently.
we didn't stay on the strip. we got an AirBnB with the team and it was the best decision we ever made.
rolling up to lunch with the team after landing in Vegas.
Eric and i came up with the idea of the nostalgic sticker pack sometime before DEF CON, and ordered them just in time. they were a hit.
everyone wanted some of these bad boys.
this AirBnB was amazing. games everywhere. pool. privacy. no slot machine noises.
obligatory DC29 badge pics.
have i mentioned that the OpenSOC team is awesome? i think this was before our fam dinner at Buca di Beppo.
nerding with friends and playing with glowsticks in one of the DC lounges.
Eric and TJ taking advantage of downtime at the house.
we roll deep.
Eric and TJ again.
we had our team, and our work cut out for us. but damn that year was fun.
Michael kept us fueled on homemade guac. we swam. we played. we watched all the movies. we enjoyed the hell out of that year.
this was also the first time our (almost) whole team had been together, so that was huge.
good friends at the Paris bar <3
ubering to DEF CON.
this ^ is Andrew. Andrew is good people. we love Krit and loved working with them. fun fact--Kelley (our amazing PM at Recon, who hired me at SPARC in 2011 and i poached for Recon a couple years ago) and i met the Krit guys way back when at one of our first SPARC Hackathons (2012? 2013?) and they won.
and then they built epic things for us at Recon.
and then they got acquired by GreyNoise. i met (other) Andrew of GreyNoise at ShmooCon 2016, when he stayed at our AirBnB, before GreyNoise was even a thing.
i feel so old putting this all into words, but i am so proud to know these people, and share a small part in their journeys.
all this to say
we have loved building OpenSOC for you.
we have loved playing OpenSOC with you.
we have loved teaching you.
we have loved mentoring you.
we have loved learning with you.
we have loved experiencing all of this with you.
OpenSOC is and will always be near and dear to our hearts, and we will be giving back in plenty of other ways going forward.
keep leveling each other up.