This simulated attack & defence challenge is designed to simulate a wide variety of real world attacks testing the delegate's ability under pressure to detect and mitigate live attacks as they happen. Each team is responsible for the security of a network of virtual infrastructure and applications configured like any other online business where each team must maintain the uptime of their assets and defend them from attack.
During this one day course delegates will be asked to identify vulnerabilities in a number of compromised systems, patch or mitigate those vulnerabilities, identify malware and other types of backdoors installed by an attacker and defend their assets in an attack/defend type scenario.
Each team will be given a set amount of money which decreases every minute that one of their services or servers are down, teams can earn additional money by correctly identifying attacks, vulnerabilities and successfully causing down time for other teams.
Delegates are expected to have at least some experience within the Linux environment and be able to identify vulnerabilities and attacks using a variety of network, vulnerability and malware analysis tools, techniques and procedures. Exposure to scripting languages will be an advantage.
- Security operations management best practice
- Undertake real time - Incident Response
- Conduct threat detection triage using IDS/IPS/WAF
- Defend, Attack, Defend within a simulated multi-lateral attack
- Use Network traffic analysis tools
- Use vulnerability analysis toolsets
- Use penetration testing methods and techniques
- Identify malware analysis patterns
- Use PHP scripting/web application languages
The course is designed for individuals responsible for defending organisations from cyber attacks.
Each team will be given a compromised network of machines and applications where each team must correctly analyze and identify any vulnerabilities exploited by the attacker as well as any malware and other types of back doors installed by the attacker and implement patches, firewall (IDS/IPS) rules and set up monitoring to detect any future attacks.
Delegates earn money for their team by correctly identifying vulnerabilities and malware discovered during analysis. Delegates will have time to secure and harden their networks and applications in preparation for defending against live attacks where each team will be expected to defend their networks against other teams. In addition teams will be encouraged to use cyber active defensive skills.
Each team will be responsible for maintaining the security and up time of their servers and services losing money for down time caused by an attack while attacking other teams in order to cause down time and gain money. With each wave of attacks, exfiltration or active defence of a botnet is worth a set amount of money depending on the severity of the vulnerability identified allowing teams to regain money lost during down time.
This is a high pressure environment and is often the first time teams are really put to the test, communicating effectively as a team, identifying the most suitable person in the team for the correct attacking or defensive duties during the attack simulation. T
The winning team is the team with the most amount of money remaining at the end of the day.