Rapid Cyber CoRe 2020

CybExer Technologies will organize the RAPID CYBER CoRe (Cooperative Resilience) event this year in online format from 07-08 OCT 2020. During this 2-day event your Blue Team skills will be tested in a Live Fire exercise of defending a full-scale IT Infrastructure against Red Team cyberattacks.

The RAPID CYBER CoRe event is an excellent opportunity for your IT security team to test their methodology and skills of mitigation, detection and response to high frequency cyberattacks that will be launched on their IT infrastructure. Multiple Blue Teams participate in the exercise and compete against each other to keep their IT infrastructure protected against attacks performed by a real-life Red Team and test their capabilities under the pressure of a continuous flow of attacks and real-life based scenarios. Participating in this event is an excellent way to test and develop your skills in handling real-life cyberattack by means of Identification, Protection, Detection, Response, Recovery and Reporting.

Exercise format updates

  1. Shortened time of the exercise – exercise now lasts only two days and actual engagement for participating teams is one day (first day is for voluntary preparations and familiarization in gamenet, second day for actual gameday);
  2. Cut down the network size and Red Team campaign to accommodate teams with minimum 4 members and maximum 6 members;
  3. Added additional challenges besides Live Fire element – mainly addressing the current threat landscape incidents:
    1. Investigating e-mail based social engineering attacks;
    2. Handling IT resources misuse incidents related to CryptoJacking;
    3. Reverse engineering.

Critical Infrastructure Component

Since CYBER CoRE 2020 Amsterdam the exercise includes a novel component in our series of events – a Critical Infrastructure (CI) component.

Exercise Gamenet includes a fully virtualized simulation of Energy Company control room related systems that are used to manage energy distribution network. Exercise participants will have to defend the Human-Machine Interface (HMI) in the control room that visualises a processes in a critical infrastructure that is not related to IT systems. The data sources are operated by the exercise organizers and are not subject to attacks and defenses.

Agenda

Day 0: 7 Oct 2020 (0900-2000 CET)

  • 09:00 – 10:00 Connectivity set-up to cyber range and familiarization
  • 10:00 – 12:00 Blue Team briefings, Gamenet and communication system introduction
  • 12:00 – 13:00 Running lunch
    12:00 – 14:45 Gamenet familiarization
  • 14:45 – 15:30 Communication Checks
  • 15:30 – 16:00 Blue Team Internal Strategy Meeting (roles, tactics)
  • 16:00 – 16:30 Blue Team Gamenet Familiarization Continues
  • 16:30 – 17:00 End of day 0 – Feedback Session
  • 17.00 – All systems are reverted to initial state

Day 1: 8 Oct 2020 (0900-1700 CET)

  • 08:50 – 09:00 Communication checks
  • 09:00 – 09:10 Opening remarks
  • 09:10 – 09:15 Mission brief
  • 09:15 STARTEX
  • 12:00 Deadline for Blue Team Situation Report I (SITREP I)
  • 12:00 – 13:00 Running lunch (Exercise continues)
  • 15:30 Deadline for Blue Team Situation Report II (SITREP II)
  • 15:45 ENDEX of exercise, Gamenet closed
  • 16:00 – 17:00 hotwashup
  • White Team feedback to Blue Teams
  • Red Team campaign overview
  • Blue Team feedback
  • Blue Team Success
  • Blue Team Failures

Target group

The target audience for this exercise is staff members involved in technical IT-security or cyber defense, reporting and analytical staff, and their team management. To be successful in the exercise, the team should have knowledge and experiences in the following areas:

Leadership (Manager / SOC Team Lead)

Manage incident response, lead the exercise team and coordinate efforts with other parties when needed.

Reporting and Communication

  • Create incident reports to immediately document and report loss/compromise, suspected compromise, suspicious contact, or other activity involving systems in team’s responsibility.
  • Compose situation reports for executive leadership or other parties that may include key findings, monitoring and incident summaries, threat assessments and recommendations.

System and Network Administration

  • Operating and securing routers & firewalls and also Windows & Linux based IT systems. Some examples: managing Windows Active Directory domain, workstations and servers based on different Windows versions, Linux servers running on Ubuntu and Debian distribution, firewalls based on OPNsense and MikroTik, routers based on VyOS.
  • Understanding TCP/IP networking and working level experience of common network protocols, services and technologies like DNS, NTP, HTTP, HTTPS, SMTP, POP3, IMAP, SSH, FTP, VoIP and at least basic knowledge about IPv6

Web applications, technologies and development

HTML, client-side and server-side scripting such as JavaScript and PHP, SQL databases such as MySQL

Computer Network Defense

Monitoring, detecting, analyzing, reporting, resolving, security incidents

Registration

If you would like to participate at the exercise, sign up at Eventbrite or contact us at events@cybexer.com.