Cyber Security Exercise


3-day course dates 18-20 of March, 2019. The duration of the exercise is three days: on first day briefing, 1,5-day for exercise and half day for feedback.


The CybExer Technologies Cyber Security Exercise is a live, deep technical Red/Blue team exercise designed for practicing response to a cyber crisis according to pre-defined scenario. The scenario background is designed to be wider than it is usual in case of technical exercises. The purpose is to allow future expansion of both scenario and Gamenet as the Exercise grows year-by-year. 

The exercise shall be hosted at the Cyber Range and it will be played on a specially configured Gamenet that would simulate particular environment designed to meet the requirements of the scenario.  

The infrastructure provided in the Gamenet for the Blue Teams is initially insecure and contains several vulnerabilities. Blue Teams have to assess systems, find weak spots and develop defense tactics. The intensity and sophistication of the attacks requires good teamwork and fast decision-making on the defenders’ part. 

The goal of the exercise is to improve skills of the participants in following areas:

  • Detection and Prevention of attacks;
  • Network monitoring;
  • Situational awareness and control;
  • Handling cyber incidents;
  • Teamwork: delegation, dividing and assigning roles, leadership.

Team structure 

In general, the exercise roles are divided between the following teams:

White Team
Responsible for overall leading and controlling of the Exercise. The White Team consists of experts responsible for scenario injects, overall exercise flow, situational awareness, scoring, user simulation, inject management, etc. 

Blue Teams  
Participants in the Exercise who train their skills. From the game point of view the Blue Team acts as the “good guys” who have to defend their networks against the attacks. Blue Teams will be in competition with each other.

Red Team     
Red Team is responsible for conducting offensive activities against the infrastructure that the Blue Team has to defend. From the game point of view, they are playing against the Blue Teams. 

Green Team  
Green Team is responsible for the Range and Gamenet infrastructure during the Exercise and shall provide technical support to Blue Teams for accessing the Cyber Range and Blue Team infrastructure services necessary for the exercise. 

Learning Objectives

The Exercise is conducted in “live fire” mode – one campaign with gradually increasing intensity of the attacks. Scenario includes cooperation elements between private/public and military units. Focus shall be on communication, procedures and teamwork. 

The main mission in the Exercise is for the Blue Teams to defend a pre-built network against Red Team attacks. Blue Team defense campaign has three main missions that the participants have to successfully complete for achieving mission goals: 

  • Initial preparedness for carrying out defense; 
  • Defensive activities; 
  • Situational awareness, reporting and synthesis.

The exercise learning objectives are the following: 

  • Fostering cooperation between various actors in the cyber defense at the national level;
  • Rehearse specific defensive measures in case of an attack against a particular field or combination of fields;
  • Live reaction, planning of defense and enhancement of the environment;
  • Monitoring and analysis of attacks;
  • Generalization and synthesis of information on the attacks, in particular from the point of view of validating appropriate national defense plans and scenarios;
  • Discovery and understanding of sophisticated attack patterns and vectors against the targets;
  • Stress handling and decision making under multiple bad choices. 

Overall activities during the exercise

Activities by the Red Team: 

  • Malware
  • BGP hijacking 
  • Web attack
  • DoS 
  • Backdoor 
  • Deleting logs
  • Complete corporate domain compromise 

Activities by the Blue Team: 

  • Scanning 
  • Patching 
  • Firewalls 
  • Anti-Virus 
  • IDS/IPS 
  • System hardening 
  • Logging 
  • Monitoring 
  • Compromised corporate domain recovery

Target Audience and Experience

The target audience is exclusively technical staff or other governmental or military entities being involved in technical IT-security or cyber defense.

In order to be successful in the exercise, the team members should have knowledge and experiences in one of the following areas:

System and Network Administration 

  • TCP/IP networking IPv4 and IPv6
    • Knowledge of common network protocols, services and technologies like DNS, NTP, DHCP, HTTP, HTTPS, SMTP, POP3, IMAP, SSH, FTP, VoIP 
  • Administration of and securing Windows and Linux based systems. Some examples:
    • Windows domain and Active Directory
    • Workstations and servers based on different Windows versions – 7,8,10 and servers 2012, 2016.
    • Linux servers running on Ubuntu, Debian, CentOS distribution 
    • Firewalls based on OPNsense, MikroTik, VyOS, etc 
    • VMware vSphere virtualization platform 
    • Administration of network devices

Web Applications Technologies and Development

  • HTML, client-side and server side scripting such as JavaScript and PHP, SQL databases such as MySQL

Computer Network Defence

  • Monitoring, detecting, analyzing, reporting, resolving security incidents

Seminar on läbi.

Toompuiestee 35, Tallinn 10133