Three-day course, 18-20 March 2019. The exercise lasts three days: a briefing on the first day, 1.5 days for the exercise and half a day for feedback.
The CybExer Technologies Cyber Security Exercise is a live, deep technical Red/Blue team exercise designed for practicing response to a cyber crisis according to a pre-defined scenario. The scenario background is designed to be wider than is usual for technical exercises. The purpose is to allow future expansion of both the scenario and the Gamenet as the Exercise grows year by year.
The exercise shall be hosted at the Cyber Range and will be played on a specially configured Gamenet that simulates a particular environment designed to meet the requirements of the scenario.
The infrastructure provided in the Gamenet for the Blue Teams is initially insecure and contains several vulnerabilities. Blue Teams have to assess systems, find weak spots and develop defense tactics. The intensity and sophistication of the attacks require good teamwork and fast decision-making on the defenders’ part.
The goal of the exercise is to improve the participants’ skills in the following areas:
- Detection and Prevention of attacks;
- Network monitoring;
- Situational awareness and control;
- Handling cyber incidents;
- Teamwork: delegation, dividing and assigning roles, leadership.
In general, the exercise roles are divided between the following teams:
White Team is responsible for overall leading and controlling of the Exercise. The White Team consists of experts responsible for scenario injects, overall exercise flow, situational awareness, scoring, user simulation, inject management, etc.
Blue Team consists of the participants in the Exercise who train their skills. From the game point of view the Blue Team acts as the “good guys” who have to defend their networks against the attacks. Blue Teams will be in competition with each other.
Red Team is responsible for conducting offensive activities against the infrastructure that the Blue Team has to defend. From the game point of view, they are playing against the Blue Teams.
Green Team is responsible for the Range and Gamenet infrastructure during the Exercise and shall provide technical support to Blue Teams for accessing the Cyber Range and Blue Team infrastructure services necessary for the exercise.
The Exercise is conducted in “live fire” mode – one campaign with gradually increasing intensity of the attacks. The scenario includes cooperation elements between private/public and military units. Focus shall be on communication, procedures and teamwork.
The main mission in the Exercise is for the Blue Teams to defend a pre-built network against Red Team attacks. The Blue Team defense campaign has three main missions that the participants have to complete successfully to achieve the mission goals:
- Initial preparedness for carrying out defense;
- Defensive activities;
- Situational awareness, reporting and synthesis.
The exercise learning objectives are the following:
- Fostering cooperation between various actors in cyber defense at the national level;
- Rehearsing specific defensive measures in case of an attack against a particular field or combination of fields;
- Live reaction, planning of defense and enhancement of the environment;
- Monitoring and analysis of attacks;
- Generalization and synthesis of information on the attacks, in particular from the point of view of validating appropriate national defense plans and scenarios;
- Discovery and understanding of sophisticated attack patterns and vectors against the targets;
- Stress handling and decision making under multiple bad choices.
Overall activities during the exercise
Activities by the Red Team:
- BGP hijacking
- Web attack
- Deleting logs
- Complete corporate domain compromise
Activities by the Blue Team:
- System hardening
- Compromised corporate domain recovery
Target Audience and Experience
The target audience is exclusively technical staff or other governmental or military entities involved in technical IT security or cyber defense.
In order to be successful in the exercise, the team members should have knowledge and experience in one of the following areas:
- System and Network Administration
- Web Applications Technologies and Development
- Computer Network Defence