Security Lounge SIG

Since 2012, the Security Lounge SIG designs, develops, and conducts security challenge and competition exercises for the FIRST.org community.

Our flagship event is held during the FIRST annual conference. This SIG will maintain an archive of exercises for related events.

Mission

The SIG SecLounge aims at improving participants skills and strengthening their response and technical analysis capabilities.

By offering gamification around tools & techniques used by the FIRST community, the SIG aims at increasing diversity both in terms of profiles, genders and outreach.

The SIG contributes to the visibility of the FIRST community and the recognition of its contributions to the incident response community.

Goals/Deliverables:

Each year the Security Lounge SIG has a set of recurring goals:

1. Plan, prepare, and organize an on-site security challenge event at the annual FIRST meeting for attendees.
2. Communicate quarterly to FIRST membership of recent activities, SIG status, and upcoming events.
3. Build awareness and support for the SIG activities within and outside of the FIRST community.

For the period from June 2026 to May 2027

1. Prepare and run the annual conference CTF.
2. Organise and run up to 4 replays. Priority will be given to SIG SecLounge supporting organisation and events directly related to FIRST.org.
3. Update the content on the permanent instance of the CTF on FIRST.org website.
4. Explore options for more on-site only challenges to defeat AI.

Chair(s)

1. David Durvaux
2. Renato Otranto, Jr.

Membership

The core SIG (seclounge-sig@first.org) team does not have an open membership model. Much of the development activity of the SIG is not applicable to the general public, since it would potentially disclose restricted information to competition events.

SIG team members are made up of select experts who have a wide array of experience in areas such as systems administration, network engineering, information security forensics, data analysis, and software development.

SIG team members are expected to contribute to the development of challenges, to provide support for challenge events, and regularly participate in SIG meetings.

SIG chairs will periodically solicit or accept new members as required based on the expected workload for the coming year. Anyone interested in joining the SIG team should contact the chairs and inquire about availability and opportunities to participate in the SIG team.

SIG member adheres to the SIG SecLounge framework

Mailing Lists

• seclounge-sig@first.org
  (subscribers only, please complete the Request to Join form below)

Request to Join

• Initiatives
  • Special Interest Groups (SIGs)
    • SIGs Framework
    • Academic Security SIG
    • AI Security SIG
    • Automation SIG
    • Cybersecurity Communications SIG
    • Common Vulnerability Scoring System (CVSS-SIG)
      • Calculator
      • Specification Document
      • User Guide
      • Implementation Guide
      • Governance Guidelines
      • Examples
      • Frequently Asked Questions
      • CVSS v4.0 Documentation & Resources
        • CVSS v4.0 Calculator
        • CVSS v4.0 Specification Document
        • CVSS v4.0 User Guide
        • CVSS v4.0 Implementation Guide
        • CVSS v4.0 Examples
        • CVSS v4.0 FAQ
      • CVSS v3.1 Archive
        • CVSS v3.1 Calculator
        • CVSS v3.1 Specification Document
        • CVSS v3.1 User Guide
        • CVSS v3.1 Examples
        • CVSS v3.1 Calculator Use & Design
      • CVSS v3.0 Archive
        • CVSS v3.0 Calculator
        • CVSS v3.0 Specification Document
        • CVSS v3.0 User Guide
        • CVSS v3.0 Examples
        • CVSS v3.0 Calculator Use & Design
      • CVSS v2 Archive
        • CVSS v2 Complete Documentation
        • CVSS v2 History
        • CVSS-SIG team
        • SIG Meetings
        • Frequently Asked Questions
        • CVSS Adopters
        • CVSS Links
      • CVSS v1 Archive
        • Introduction to CVSS
        • Frequently Asked Questions
        • Complete CVSS v1 Guide
      • JSON & XML Data Representations
      • CVSS On-Line Training Course
      • Identity & logo usage
    • CSIRT Framework Development SIG
    • Cyber Insurance SIG
      • Cyber Insurance SIG Webinars
    • Cyber Threat Intelligence SIG
      • Curriculum
        • Introduction
        • Introduction to CTI as a General topic
        • Methods and Methodology
        • Priority Intelligence Requirement (PIR)
        • Source Evaluation and Information Reliability
        • Machine and Human Analysis Techniques (and Intelligence Cycle)
        • Threat Modelling
        • Training
        • Standards
        • Glossary
        • Communicating Uncertainties in CTI Reporting
      • Webinars and Online Training
      • CTI SIG Blog
      • Contributors
      • Building a CTI program and team
        • Program maturity stages
          • CTI Maturity model - Stage 1
          • CTI Maturity model - Stage 2
          • CTI Maturity model - Stage 3
        • Program Starter Kit
        • Resources and supporting materials
    • Detection Engineering & Threat Hunting SIG
    • Digital Safety SIG
    • DNS Abuse SIG
      • DNS Abuse Techniques Matrix
      • Stakeholder Advice
        • Creation of Malicious Subdomains Under Dynamic DNS Providers
        • DNS Cache Poisoning
        • DGA Domains
        • DNS as a Vector for DoS
        • DNS Beacons - C2 Communication
        • DNS Rebinding
        • DNS Server Compromise
        • DNS Tunneling
        • DoS Against the DNS
        • Domain Name Compromise
        • Fast Flux
        • Infiltration and exfiltration via the DNS
        • Lame Delegations
        • Local Recursive Resolver Hijacking
        • Malicious registration of (effective) second level domains
        • Obfuscation via Dynamic DNS
        • On-path DNS Attack
        • Stub Resolver Hijacking
        • Spoofing of a Registered Domain
        • Use of an Unregistered Domain
      • Code of Conduct & Other Policies
      • Examples of DNS Abuse
    • Ethics SIG
      • Ethics for Incident Response Teams
    • Exploit Prediction Scoring System (EPSS)
      • The EPSS Model
      • Data and Statistics
      • User Guide
      • EPSS Research and Presentations
      • Frequently Asked Questions
      • Who is using EPSS?
      • Open-source EPSS Tools
      • API
      • Related Exploit Research
      • Blog
        • Understanding EPSS Probabilities and Percentiles
        • Log4Shell Use Case
        • Estimating CVSS v3 Scores for 100,000 Older Vulnerabilities
      • Data Partners
    • FIRST Multi-Stakeholder Ransomware SIG
    • Human Factors in Security SIG
    • Industrial Control Systems SIG (ICS-SIG)
    • Information Exchange Policy SIG (IEP-SIG)
    • Information Sharing SIG
      • Malware Information Sharing Platform
    • Insider Threat SIG
    • Law Enforcement SIG
    • Malware Analysis SIG
      • Malware Analysis Framework
      • Malware Analysis Tools
    • Metrics SIG
      • Metrics SIG Webinars
    • NETSEC SIG
    • Public Policy SIG
    • PSIRT SIG
    • Red Team SIG
    • Security Lounge SIG
      • Security Lounge SIG Framework
    • Security Operations Center SIG
    • Standards SIG
    • Strategic Thinking and Planning SIG
    • Threat Intel Coalition SIG
      • Membership Requirements and Veto Rules
    • Time SIG
    • Traffic Light Protocol (TLP-SIG)
    • Transportation and Mobility SIG
    • Vulnerability Coordination
      • Multi-Party Vulnerability Coordination and Disclosure
      • Guidelines and Practices for Multi-Party Vulnerability Coordination and Disclosure
    • Vulnerability Reporting and Data eXchange SIG (VRDX-SIG)
      • Vulnerability Database Catalog
    • Women of FIRST
  • CCB Initiatives
  • FIRST CORE
    • Sponsorship Opportunities
  • Internet Governance
  • IR Database
  • Fellowship Program
    • Application Form
  • Mentorship Program
  • IR Hall of Fame
    • Hall of Fame Inductees
  • Victim Notification
  • Volunteers at FIRST
    • FIRST Volunteers
  • Member Spotlight
  • Previous Activities
    • Best Practices Contest