A cyberattack is right around the corner—does your team know what it will look like or how to respond? Test your team's abilities and your system's configuration!

This category includes capture-the-flag exercises, attack mitigation exercises, and red team / blue team exercise environments to pit your team members against each other. All scenarios include active monitoring so you know how far you've gotten!

One of the most important skills in cyber defense is the ability to think like an attacker. How will an adversary break in to your systems? Are your sensitive files properly hidden from prying eyes? Can a dedicated attacker steal encryption keys that would allow them to impersonate you? Knowing how such attacks might work helps you securely configure and defend your systems.

Hone your skills and see how an attacker would exploit configuration weaknesses. This Capture the Flag (CTF) scenario lets you see first-hand an attacker's strategies for compromising your systems. Can you gain total control over a target system solely via a web application?

Prerequisites

Familiarity with the UNIX command line and networking concepts, as well as knowledge of web application vulnerabilities (e.g., SQL injection).  Hints are available if you get stuck!

Expected Duration

2 hours, self-paced. Pause and continue at any time.
2 CPEs awarded on successful completion.

Live Exercise

Build on your skills from the first Capture the Flag (CTF) scenario with a new web server setup—can you gain root access on this box? This CTF scenario lets you see first-hand how an attacker could go about compromising your systems.

Prerequisites

Familiarity with the UNIX command line and basic networking concepts (TCP/IP, DNS, etc), as well as knowledge of web application vulnerabilities (e.g., SQL injection).  Hints are available if you get stuck!

Expected Duration

2 hours, self-paced. Pause and continue at any time.
2 CPEs awarded on successful completion.

Live Exercise

Test your skills against others as either an attacker attempting to compromise a system or a defender trying to prevent the attackers from doing damage. This is a head-to-head exercise, best played with two or more participants from your organization. Participants choose their own teams.

Prerequisites

Knowledge of attack, pen-testing, and defensive techniques on Linux systems, including web application attacks, firewall configuration, etc. Familiarity with command-line tools on Linux systems (e.g., Metasploit).

Most importantly, be appropriately matched in skill with your opponent!

To get the most out of this exercise, you should complete the two Capture the Flag scenarios first.

Expected Duration

2 hours, self-paced. Pause and continue at any time.
2 CPEs awarded on successful completion.

Live Exercise

In this exercise, the student plays the role of a security admin of an enterprise network. They are asked to investigate a potential malware-based attack.

The student is told that an intrusion detection system has seen periodic outgoing connections from a computer within the enterprise network to a computer on the Internet. The student must block the outgoing traffic, determine the computer from which the traffic is originating, find the malware on that computer, examine it to see what information is being sent out, and stop the attack.

Prerequisites

  • Familiarity with the Linux/UNIX command line (shell commands)
  • Basics of the TCP/IP network protocol stack
  • Exposure to tools such tcpdump
  • Some knowledge of administering a pfSense firewall including editing rules and viewing logs

Expected Duration

2 hours, self-paced. Pause and continue at any time.
2 CPEs awarded on successful completion.

Attack Scenario

Students play the role of a network security administrator of an enterprise. They are told that a host on the Internet has been persistently scanning their network.

They will use an Incident Response Rack with intrusion detection systems and log analysis tools to determine:

  1. The service being targeted by the attacker.
  2. If the attackers succeeds in finding and exploiting a vulnerability in this service.

Finally, they must block the attacker from the network.

After the attack is blocked, students will learn to exploit the vulnerability in the service.

Prerequisites

  1. Create/edit pfSense firewall rules.
  2. Set up port mirroring (span ports) in pfSense.
  3. Create Suricata IDS alerts.
  4. Analyze information displayed on a Kibana dashboard.

Expected Duration

2 hours, self-paced. Pause and continue at any time.
2 CPEs awarded on successful completion.

Attack Scenario