Thoughts on IR Team Building Exercise

 

Introduction

On June 23rd, Ans, Raven, Jimmy, and I completed the OpsDrill Incident Response escape room exercise tasked to us by Dr. R. Not knowing what to expect, but having a background in incident response, I really looked forward to completing this. Needless to say, I wasn’t disappointed. The simulation took us over 2 hours to complete, so it clearly wasn’t easy. I also liked the fact that a team could complete the exercise with no prior technical knowledge per se (even though our group had it). Our group has myself (a former digital forensics & incident response analyst), Chris (a college CTO), Jimmy (with immense background in IT), Ans (a medical doctor with health IT background), and Raven (a recent college digital forensics graduate). I feel that our diverse group worked to our advantage as we were able to reason within our expertise and provide such insight to the group. The only major drawback, in my honest opinion, was that we had never formally met prior to the exercise, so there definitely was some ice-breaking during the first 15 or so minutes of the exercise. It seemed that at first we were all trying our own stuff, but we quickly learned that if we shared our findings, both on screen and verbally, we moved along MUCH better. I’ll admit we did have to cheat and accept a password hint to move beyond the password solve and stay on track with the clock. I think we all were under the impression that it was impossible to solve that challenge within our expertise that evening based on the information we had to work with. Nonetheless, we were glad that those hint benchmarks DID exist and we weren’t stuck in the game for the duration. This allowed us to continue on and enjoy the game until the end. We did, however, find out at the end that our “cipher wheels” were not synced and we couldn’t all match up. We did figure it out based upon 2 of the 5 having a matching hash. However, I do believe that was a glitch in our session and not an error on our part.

Moreover, I enjoyed the realism of the exercise and the ability to get to meet and work with a few of my classmates. I did not like that I could not search the log files of the exercise with GREP/regular expressions, but that’s just the geek and former DFIR in me. I also believe that we would have performed much better and more efficiently had we been doing this in person, but Zoom worked just fine.

Conclusion

All in all, a fun exercise and a great ice-breaker for any upper-level undergrad, master's-level, or doctorate-level student. It might be a little bit too much for a first- or second-year undergraduate student as it does require a good deal of communication and leadership skills. I would love to do another one at some point if given the chance!