A cyberattack is right around the corner—does your team know what it will look like or how to respond? Test your team's abilities and your system's configuration!

This category includes capture-the-flag exercises, defacement exercises, and red team / blue team exercise environments to pit your team members against each other. All scenarios include active monitoring so you know how far you've gotten!

Questions about which exercise is right for you? Contact cyrin@atcorp.com.

One of the most important skills in cyber defense is the ability to think like an attacker. How will an adversary break into your systems? Are your sensitive files properly hidden from prying eyes? Can a dedicated attacker steal encryption keys that would allow them to impersonate you? Knowing how such attacks might work helps you securely configure and defend your systems.

Hone your skills and see how an attacker would exploit configuration weaknesses. This Capture the Flag (CTF) scenario lets you see first-hand an attacker's strategies for compromising your systems. Can you gain total control over a target system solely via a web application?

Prerequisites

Familiarity with the UNIX command line and networking concepts, as well as knowledge of web application vulnerabilities (e.g., SQL injection). Hints are available if you get stuck!

Expected Duration

3 hours, self-paced. Pause and continue at any time.
3 CPEs awarded on successful completion.

Availability

Included if you are a subscriber to any of the following training packages:

  • Level 2: Attack/Defense/IR Exercises & Instructional Labs
  • Level 3: Utility Under Attack Scenarios, Attack/Defense/IR Exercises, & Instructional Labs

Live Exercise

Build on your skills from the first Capture the Flag (CTF) scenario with a new web server setup—can you gain root access on this box? This CTF scenario lets you see first-hand how an attacker could go about compromising your systems.

Prerequisites

Familiarity with the UNIX command line and basic networking concepts (TCP/IP, DNS, etc.), as well as knowledge of web application vulnerabilities (e.g., SQL injection). Hints are available if you get stuck!

Expected Duration

3 hours, self-paced. Pause and continue at any time.
3 CPEs awarded on successful completion.

Availability

Included if you are a subscriber to any of the following training packages:

  • Level 2: Attack/Defense/IR Exercises & Instructional Labs
  • Level 3: Utility Under Attack Scenarios, Attack/Defense/IR Exercises, & Instructional Labs

Live Exercise

Get experience conducting an internal investigation on a realistic corporate network.

You are a security officer for a shipping company whose trucks have repeatedly been hijacked by a criminal organization. The criminals appear to have advance information on the routes of the trucks, despite the company changing routes frequently. Company executives suspect someone within the company is leaking truck route information to the criminals. Students will have to determine who is leaking the information, how, and to whom.

Prerequisites

Knowledge of cyber forensics concepts and tools, as well as centralized logging configuration and analysis. Knowledge of the Linux bash shell will help you out as well.

Expected Duration

3 hours, self-paced. Pause and continue at any time.
3 CPEs awarded on successful completion.

Availability

Included if you are a subscriber to any of the following training packages:

  • Level 2: Attack/Defense/IR Exercises & Instructional Labs
  • Level 3: Utility Under Attack Scenarios, Attack/Defense/IR Exercises, & Instructional Labs

Live Exercise

Get valuable experience extracting data from network packet captures! Students will use Wireshark® to analyze network packet traces containing normal network traffic and active attacks. Detailed information will be extracted from the traces by examining packets and by using Wireshark's built-in analysis and PCAP-manipulation tools.

Prerequisites

Knowledge of the internals of networking protocols, including TCP/IP, DNS, and HTTP. Familiarity with Wireshark and the Unix/Linux command line.

The CYRIN Protocol Analysis labs will help you meet these prerequisites.

Expected Duration

3 hours, self-paced. Pause and continue at any time.
3 CPEs awarded on successful completion.

Availability

Included if you are a subscriber to any of the following training packages:

  • Level 2: Attack/Defense/IR Exercises & Instructional Labs
  • Level 3: Utility Under Attack Scenarios, Attack/Defense/IR Exercises, & Instructional Labs

Live Exercise

Examine packet captures from actual intrusions and dive deeper into how attackers operate! Students will learn the details of protocols such as SMB and SSH by examining network traffic captures in Wireshark®, then will proceed to build network packets "by hand" in order to tunnel secret data in normal-looking traffic. Finally, students will learn the details of "web shell" payloads commonly used by attackers.

Prerequisites

Detailed knowledge of networking protocols, including TCP/IP, DNS, and HTTP. Familiarity with Wireshark and the Unix/Linux command line.

The CYRIN Packet Capture Analysis and Manipulation exercise is recommended before starting this exercise.

Expected Duration

3 hours, self-paced. Pause and continue at any time.
3 CPEs awarded on successful completion.

Availability

Included if you are a subscriber to any of the following training packages:

  • Level 2: Attack/Defense/IR Exercises & Instructional Labs
  • Level 3: Utility Under Attack Scenarios, Attack/Defense/IR Exercises, & Instructional Labs

Live Exercise

Continue your exploration into malware's behavior on the network! Students will analyze network captures containing real, malicious network traffic, both by hand and using tools such as Security Onion and Sguil. Both malware spreading methods and command and control operations will be explored. In addition, students will create web shell payloads of their own to see how they operate from the inside.

Prerequisites

Detailed knowledge of networking protocols, including TCP/IP, DNS, and HTTP. Familiarity with Wireshark and the Unix/Linux command line.

The CYRIN Intrusion Analysis using Network Traffic exercise is recommended before starting this exercise.

Expected Duration

3 hours, self-paced. Pause and continue at any time.
3 CPEs awarded on successful completion.

Availability

Included if you are a subscriber to any of the following training packages:

  • Level 2: Attack/Defense/IR Exercises & Instructional Labs
  • Level 3: Utility Under Attack Scenarios, Attack/Defense/IR Exercises, & Instructional Labs

Live Exercise

Test your skills against others as either an attacker attempting to compromise a system or a defender trying to prevent the attackers from doing damage. This is a head-to-head exercise, best played with two or more participants from your organization. Participants choose their own teams.

Prerequisites

Knowledge of attack, pen-testing, and defensive techniques on Linux systems, including web application attacks, firewall configuration, etc. Familiarity with command-line tools on Linux systems (e.g., Metasploit).

Most importantly, be appropriately matched in skill with your opponent!

To get the most out of this exercise, you should complete the two Capture the Flag scenarios first.

Expected Duration

3 hours, self-paced. Pause and continue at any time.
3 CPEs awarded on successful completion.

Availability

Included if you are a subscriber to any of the following training packages:

  • Level 2: Attack/Defense/IR Exercises & Instructional Labs
  • Level 3: Utility Under Attack Scenarios, Attack/Defense/IR Exercises, & Instructional Labs

Live Exercise