04-06 March 2020
Wavespace, EY Amsterdam

EY and CybExer Technologies will organize the CYBER CoRe (Cooperative Resilience) event this year in the WaveSpace of the EY office in Amsterdam 04-06 March 2020. During this 3-day event your blue team skills will be tested in a Live Fire exercise of defending a full-scale IT Infrastructure against Red Team cyberattacks.

The CYBER CoRe event is an excellent opportunity for your IT security team to test their methodology and skills of mitigation, detection and response to high frequency cyberattacks that will be launched on their IT infrastructure. Multiple blue teams participate in the exercise and compete against each other to keep their IT infrastructure protected against attacks performed by a real-life Red Team and test their capabilities under the pressure of a continuous flow of attacks and real-life based scenarios. Participating in this event is an excellent way to test and develop your skills in handling real-life cyberattack by means of Identification, Protection, Detection, Response, Recovery and Reporting.

Critical Infrastructure Component

CYBER CoRE 2020 Amsterdam will include a novel component in our series of events – a Critical Infrastructure (CI) component.

This year exercise Gamenet includes a fully virtualized simulation of Energy Company control room related systems that are used to manage energy distribution network. Exercise participants will have access only to the Human-Machine Interface in the control room that visualizes processes in a critical infrastructure that is not related to IT systems. The data sources are operated by the exercise organizers and are not subject to attacks and defenses.


Day 0: 4 March 202009:00 – 10:00 Site setup and familiarization
10:00 – 12:00 Blue Team briefings, Gamenet and communication system introduction
12:00 – 13:00 Running lunch
12:00 – 14:45 Gamenet familiarization
14:45 – 15:30 Communication Checks
15:30 – 16:00 Blue Team Internal Strategy Meeting (roles, tactics)
16:00 – 16:30 Blue Team Gamenet Familiarization Continues
16:30 – 17:00 End of day 0 – Feedback Session
17.00 – All systems are reverted to initial state

Day 1: 5 March 202008:50 – 09:00 Communication checks
09:00 – 09:10 Opening remarks
09:10 – 09:15 Mission brief
12:00 Deadline for Blue Team Situation Report I (SITREP I)
12:00 – 13:00 Running lunch (Exercise continues)
15:30 Deadline for Blue Team Situation Report II (SITREP II)
16:30 End of Day 1, Gamenet closed
16:40 – 17:00 Feedback Session

Day 2: 6 March 202008:50 – 09:00 Communication checks
09:00 Mission Brief II and Day II starts
11.00 Deadline for Blue Team Situation Report III (SITREP III)
12:00 – 13:00 Running lunch (Exercise continues)
14:10 Deadline for Blue Team Situation Report IV (SITREP IV)
14:20 ENDEX of CoRe NLD Execution
15:00 Hot washup meeting
• White Team feedback to Blue Teams
• Red Team campaign overview
• Blue Team feedback
• Success
• Failures

Target group

The target audience for this exercise is technical staff involved in technical IT-security or cyber defense, reporting and analytical staff, and their team management. To be successful in the exercise, the team should have knowledge and experiences in the following areas:

Leadership (Manager / SOC Team Lead)

Manage incident response, lead the exercise team and coordinate efforts with other parties when needed.

Reporting and Communication

• Create incident reports to immediately document and report loss/compromise, suspected compromise, suspicious contact, or other activity involving systems in team’s responsibility.
• Compose situation reports for executive leadership or other parties that may include key findings, monitoring and incident summaries, threat assessments and recommendations.

System and Network Administration

• TCP/IP networking: knowledge of common network protocols, services and technologies like DNS, NTP, DHCP, HTTP, HTTPS, SMTP, POP3, IMAP, SSH, FTP, VoIP, at least basic knowledge about IPv6
• Administration of and securing Windows and Linux based systems. Some examples: Windows domain and Active Directory, workstations and servers based on different Windows versions, Linux servers running on Ubuntu and Debian distribution, Firewalls based on OPNsense or iptables, proxy servers, VMware vSphere virtualization platform, Administration of network devices, Programming skills in high-level language.

Web applications, technologies and development

HTML, client-side and server-side scripting such as JavaScript and PHP, SQL databases such as MySQL

Computer Network Defense

Monitoring, detecting, analyzing, reporting, resolving, security incidents

Costs & registration

The price for a seat in a blue team is € 2500 per person.

If you would like to participate please see registration info at EY website


Jurgen de Kok
Senior Manager Cybersecurity
+31 6 5555 2655

Niels Vonk
Manager Cybersecurity
+31 6 2125 1119

Have a look at a short video of the previous edition of the CYBER CoRe event from March 2019