A cyberattack is right around the corner—does your team know what it will look like or how to respond? Test your team's abilities and your system's configuration!

This category includes capture-the-flag exercises, defacement exercises, and red team / blue team exercise environments to pit your team members against each other. All scenarios include active monitoring so you know how far you've gotten!

Questions about which exercise is right for you? Contact cyrin@atcorp.com.

One of the most important skills in cyber defense is the ability to think like an attacker. How will an adversary break into your systems? Are your sensitive files properly hidden from prying eyes? Can a dedicated attacker steal encryption keys that would allow them to impersonate you? Knowing how such attacks might work helps you securely configure and defend your systems.

Hone your skills and see how an attacker would exploit configuration weaknesses. This Capture the Flag (CTF) scenario lets you see first-hand an attacker's strategies for compromising your systems. Can you gain total control over a target system solely via a web application?

Build on your skills from the first CTF scenario with a new web server setup—can you gain root access on this box?

Get experience conducting an internal investigation on a realistic corporate network.

You are a security officer for a shipping company whose trucks have repeatedly been hijacked by a criminal organization. The criminals appear to have advance information on the routes of the trucks, despite the company changing routes frequently. Company executives suspect someone within the company is leaking truck route information to the criminals. Students will have to determine who is leaking the information, how, and to whom.

Prerequisites

Familiarity with cyber-forensic techniques and with the Bash shell on Linux.

Get valuable experience extracting data from network packet captures! Students will use Wireshark® to analyze network packet traces containing normal network traffic and active attacks. Detailed information will be extracted from the traces by examining packets and by using Wireshark's built-in analysis and PCAP-manipulation tools.

Prerequisites
  • Familiarity with Wireshark and the Unix/Linux command line
  • Detailed knowledge of networking protocols, including TCP/IP, DNS, and HTTP

The CYRIN Protocol Analysis labs will help you meet these prerequisites.

Examine packet captures from actual intrusions and dive deeper into how attackers operate! Students will learn the details of protocols such as SMB and SSH by examining network traffic captures in Wireshark®, then will proceed to build network packets "by hand" in order to tunnel secret data in normal-looking traffic. Finally, students will learn the details of "web shell" payloads commonly used by attackers.

Prerequisites
  • Familiarity with Wireshark and the Unix/Linux command line
  • Detailed knowledge of networking protocols, including TCP/IP, DNS, and HTTP

The CYRIN Packet Capture Analysis and Manipulation exercise is recommended before starting this exercise.

Continue your exploration into malware's behavior on the network! Students will analyze network captures containing real, malicious network traffic, both by hand and using tools such as Security Onion and Sguil. Both malware spreading methods and command and control operations will be explored. In addition, students will create web shell payloads of their own to see how they operate from the inside.

Prerequisites
  • Familiarity with Wireshark and the Unix/Linux command line
  • Detailed knowledge of networking protocols, including TCP/IP, DNS, and HTTP

The CYRIN Intrusion Analysis using Network Traffic exercise is recommended before starting this exercise.

Test your skills against others as either an attacker attempting to compromise a system or a defender trying to prevent the attackers from doing damage. This is a head-to-head exercise, best played with two or more participants from your organization. Participants choose their own teams.

Prerequisites
  • Knowledge of attack, pen-testing, and defensive techniques on Linux systems, including web application attacks, firewall configuration, etc.
  • Familiarity with command-line tools on Linux systems (e.g., Metasploit).
  • Be appropriately matched in skill with your opponent!

To get the most out of this exercise, you should complete the two Capture the Flag scenarios first.