Level 3: Utility Under Attack Scenarios, Attack/Defense/IR Exercises, & Instructional Labs

Provided by

Enquire about this course

About the course

Experience and mitigate live cyber attacks on a virtual network representing a power generation/transmission/distribution company! Each utility gets a dedicated virtual network that includes representative enterprise (IT) and operational (OT) networks. Attacks can include Internet-originating malware such as spear-phishing, insider threats, and supply chain compromises. Users sign in via a web browser, or coming in Spring 2020, can "bring their own tools" with a direct VPN connection to their exercise network.

Level 3 includes all Level 2 scenarios and Level 1 labs, PLUS four IT/OT attack scenarios with a new scenario each quarter!

Want to see a scenario in action? Watch our live walkthrough of Level 3!

Example Scenarios:

  • Man-in-the-middle attack on the OT network due to a supply chain compromise.
  • Phishing attack on the IT network that reaches the OT network.
  • Application-level denial of service attack on the OT network.
  • Network-level denial of service attack on the OT network.

Each scenario comes with step-by-step instructions for finding the source of the attack, or for a greater challenge, have your team figure it out on their own!

Cost for an annual subscription includes existing labs and all new labs during a 12 month period. Bulk discounts are available. Packages can be purchased by credit card or paid by invoice. Contact info@cyrintraining.com for volume discount and invoicing options.

Familiarity with SCADA system concepts (HMI clients, PLCs, Modbus, etc.), basic networking concepts (TCP/IP, DNS, etc.), and basic network attack/defense and troubleshooting techniques.
110 hours , self-paced. Pause and continue at any time.


  • Getting Started with CYRIN
  • Introductory IDS Configuration with Snort
  • Intrusion Detection using Zeek (formerly Bro)
  • Firewall Configuration with VyOS
  • Firewall Configuration with IPtables
  • Firewall Configuration with pfSense
  • VPN Server Configuration with OpenVPN
  • Split-Horizon DNS Configuration using BIND
  • Host IDS Setup with OSSEC
  • Using Active Directory to Manage Domain User Accounts
  • SSH Server Configuration
  • Identifying Live Machines and Services on an Unknown Network
  • Service Identification I
  • Service Identification II
  • Log Analysis with RSYSLOG
  • Log Analytics with Splunk
  • Log Analytics with Elastic Stack
  • Introduction to Metasploit
  • Vulnerability Scanning with OpenVAS
  • Automating Security Analysis with SPARTA
  • Secure Configuration of the Apache Web Server
  • Secure SSL Configuration in Apache
  • Web Application Security Analysis using OWASP-ZAP
  • Web Application Security Analysis using Nikto
  • Web Application Security Analysis using Vega
  • Web Application Security Analysis using Burp Suite
  • Detecting and Exploiting SQL Injection Vulnerabilities
  • Web Site Reconnaissance
  • DoS Attacks and Defenses
  • Protocol Analysis I: Wireshark Basics
  • Protocol Analysis II: Extracting Data from Network Traffic
  • Handling Potential Malware
  • Introductory File System Forensics
  • Live Forensics using GRR
  • Introduction to P2P Forensics
  • Introduction to Memory Analysis with Volatility
  • Introduction to Memory Analysis with Rekall
  • Windows Forensics Artifacts
  • Advanced P2P Forensics
  • eMule P2P Forensics
  • Capture the Flag Scenario I
  • Capture the Flag Scenario II
  • Conduct a Data Leak Investigation
  • Packet Capture Analysis and Manipulation
  • Intrusion Analysis using Network Traffic
  • Advanced Analysis of Malicious Network Traffic
  • Red vs Blue
  • ICS OT Man in the Middle Attack
  • ICS IT/OT Phishing Attack
  • ICS OT Application-Level DoS Attack
  • ICS OT Network-Level DoS Attack
  • Level 1: CYRIN Enterprise Instructional Labs
  • Level 2: Attack/Defense/IR Exercises & Instructional Labs

$5995 for 1 year of access.


Start date Location / delivery
No fixed date Online Book now

Related article

“Cyber security is a process, not a product.” Kevin Cardwell, noted cyber security trainer, speaker and educator. CYRIN WEBINAR – STOP RANSOMWARE I...