Ransomware Live Fire Exercise

13-14 September 2021
Adelaide, SA
Register now

This event has been rescheduled. New dates are 13-14 September 2021.

Retrospect Labs, in collaboration with the A3C and AISA, are excited to offer a unique and interactive guided cybersecurity exercise that introduces key incident response concepts and covers fundamental incident response principles in a hands-on format.

Participants will be part of an Incident Response team dealing with a ransomware incident at a fictitious company. The realistic scenario has been designed and crafted to simulate a real incident response operation, providing offline files and live elements that participants will interact with.

As participants work their way through the scenario, incident response methodologies and best practices will be discussed and then immediately put into practice, thereby solidifying learnings and providing participants with first-hand experience in achieving desired incident response outcomes.

This course is suitable for junior security analysts who have limited experience in incident response.

Course details

Dates: 13-14 September 2021
Time: 9:00am to 4:00pm each day
Delivery: In person (pending COVID-19 guidelines – we note that the COVID-19 situation remains fluid and will continue to monitor the situation as it evolves. Any impacts to this training will be communicated as early as possible.)
Location: Lot Fourteen, Frome Road, Adelaide
Price: $2000 +GST per participant (invoice to be sent soon after we receive registration - there is a 10% discount for A3C and AISA members, just let us know your membership details when we contact you)

Please note that this course has limited places. Sign up quick and avoid disappointment!

What to expect

Participants can expect to:

  • Evaluate evidence and communicate with the victim organisation. Appropriately answer their questions and manage their expectations.
  • Perform forensic analysis on a range of different artefact types.
  • Analyse malicious files to determine and understand what nefarious activities have occurred.
  • Leverage MITRE ATT&CK to guide analysis activities and to communicate findings in a consistent and straight forward manner.
  • Capture findings and ensure accurate record keeping using a case management system.
  • Develop a detailed and effective remediation plan.
  • Be exposed to a range of different skillsets (both technical and non-technical), required to appropriately manage every aspect of an incident response operation.

At the end of the exercise, participants will know how to effectively respond to the malicious tradecraft used by cyber adversaries to target, compromise and disrupt victim networks through a ransomware attack.

Suitable roles to attend

This course is suitable for junior security analysts who have some to limited experience in incident response.

If you are in a security operations related role (such as SOC analyst, threat intelligence analyst, and incident responder) and have had limited hands-on experience responding to incidents, or if you're in a non-technical role, and want to grow your knowledge of incident response, this course is for you! 

About the instructors

Retrospect Labs specialise in cyber security exercises. Our team is led by former Australian Government incident responders who have countered some of the most significant incidents impacting Australian Government and critical infrastructure.

We are committed to delivering meaningful cyber security exercises to upskill Australian cyber professionals so they, and the organisations they work for, can be ready for any incident.

Terms and Conditions

Please review the Terms and Condition for this course.


Please fill out the form to register for this event. We will be in touch soon once we receive your submitted form.