Rapid Cyber Core Spring Edition

CybExer Technologies will organize the RAPID CYBER CoRe (Cooperative Resilience) event in online format from 28-29 April 2021. During the 2-day event your Blue Team skills will be tested in a live-fire exercise of defending a full-scale IT Infrastructure against Red Team cyberattacks.

The RAPID CYBER CoRe event is an excellent opportunity for your IT security team to test their methodology and skills of mitigation, detection and response to high frequency cyberattacks that will be launched on their IT infrastructure. Multiple Blue Teams participate in the exercise and compete against each other to keep their IT infrastructure protected against attacks performed by a real-life Red Team and test their capabilities under the pressure of a continuous flow of attacks and real-life based scenarios. Participating in this event is an excellent way to test and develop your skills in handling real-life cyberattack by means of Identification, Protection, Detection, Response, Recovery and Reporting.

Exercise format updates

  1. Shortened time of the exercise – exercise lasts two days and actual engagement for participating teams is one day (first day is for voluntary preparations and familiarization in gamenet, second day for actual gameday);
  2. Cut down the network size and Red Team campaign to accommodate teams with minimum 4 members and maximum 6 members;
  3. Added additional challenges besides live-fire element – mainly addressing the current threat landscape incidents:
    1. Investigating e-mail based social engineering attacks;
    2. Handling IT resources misuse incidents related to CryptoJacking;
    3. Reverse engineering.

Critical Infrastructure Component

The exercise also includes Critical Infrastructure (CI) component.

Exercise Gamenet includes a fully virtualized simulation of Energy Company control room related systems that are used to manage energy distribution network. Exercise participants will have to defend the Human-Machine Interface (HMI) in the control room that visualises a processes in a critical infrastructure that is not related to IT systems. The data sources are operated by the exercise organizers and are not subject to attacks and defenses.

Agenda

Day 0: 28 APRIL 2021 (0900-1700)

  • 09:00 – 10:00 Connectivity set-up to cyber range and familiarization
  • 10:00 – 12:00 Blue Team briefings, Gamenet and communication system introduction
  • 12:00 – 13:00 Running lunch
  • 12:00 – 14:45 Gamenet familiarization
  • 14:45 – 15:30 Communication Checks
  • 15:30 – 16:00 Blue Team Internal Strategy Meeting (roles, tactics)
  • 16:00 – 16:30 Blue Team Gamenet Familiarization Continues
  • 16:30 – 17:00 End of day 0 – Feedback Session
  • 17.00 – All systems are reverted to initial state

Day 1: 29 APRIL 2021 (0900-1700)

  • 08:50 – 09:00 Communication checks
  • 09:00 – 09:10 Opening remarks
  • 09:10 – 09:15 Mission brief
  • 09:15 – STARTEX
  • 12:00 – Deadline for Blue Team Situation Report I (SITREP I)
  • 12:00 – 13:00 Running lunch (Exercise continues)
  • 15:30 – Deadline for Blue Team Situation Report II (SITREP II)
  • 15:45 – ENDEX of exercise, Gamenet closed
  • 16:00 – 17:00 hotwashup
  • White Team feedback to Blue Teams
  • Red Team campaign overview
  • Blue Team feedback
  • Blue Team Success
  • Blue Team Failures

Target group

The target audience for this exercise is staff members involved in technical IT-security or cyber defense, reporting and analytical staff, and their team management. To be successful in the exercise, the team should have knowledge and experiences in the following areas:

Leadership (Manager / SOC Team Lead)

Manage incident response, lead the exercise team and coordinate efforts with other parties when needed.

Reporting and Communication

Create incident reports to immediately document and report loss/compromise, suspected compromise, suspicious contact, or other activity involving systems in team’s responsibility. Compose situation reports for executive leadership or other parties that may include key findings, monitoring and incident summaries, threat assessments and recommendations.

System and Network Administration

Operating and securing routers & firewalls and also Windows & Linux based IT systems. Some examples: managing Windows Active Directory domain, workstations and servers based on different Windows versions, Linux servers running on Ubuntu and Debian distribution, firewalls based on OPNsense and MikroTik, routers based on VyOS. Understanding TCP/IP networking and working level experience of common network protocols, services and technologies like DNS, NTP, HTTP, HTTPS, SMTP, POP3, IMAP, SSH, FTP, VoIP and at least basic knowledge about IPv6

Web applications, technologies and development

HTML, client-side and server-side scripting such as JavaScript and PHP, SQL databases such as MySQL

Computer Network Defense

Monitoring, detecting, analyzing, reporting, resolving, security incidents

Registration

Please register for the online webinar on April 21st for more information regarding Rapid Cyber CoRe Exercise: https://www.eventbrite.com/e/131463200973

The Blue Team cost is 4000 EUR + VAT
Dedicated seat in an International mixed Blue Team – 800 EUR + VAT

Registration for excercise - https://www.eventbrite.com/e/128985798997

Additional questons - events@cybexer.com

Stay safe and see you soon!