Level 3: Utility Under Attack Scenarios, Attack/Defense/IR Exercises, & Instructional Labs
About the course
Experience and mitigate live cyber attacks on a virtual network representing a power generation/transmission/distribution company! Each utility gets a dedicated virtual network that includes representative enterprise (IT) and operational (OT) networks. Attacks can include Internet-originating malware such as spear-phishing, insider threats, and supply chain compromises. Users sign in via a web browser or, coming in Spring 2020, can "bring their own tools" with a direct VPN connection to their exercise network.
Level 3 includes all Level 2 scenarios and Level 1 labs, PLUS four IT/OT attack scenarios with a new scenario each quarter!
Want to see a scenario in action? Watch our live walkthrough of Level 3!
- Man-in-the-middle attack on the OT network due to a supply chain compromise.
- Phishing attack on the IT network that reaches the OT network.
- Application-level denial of service attack on the OT network.
- Network-level denial of service attack on the OT network.
Each scenario comes with step-by-step instructions for finding the source of the attack, or, for a greater challenge, have your team figure it out on their own!
Cost for an annual subscription includes existing labs and all new labs during a 12-month period. Bulk discounts are available. Packages can be purchased by credit card or paid by invoice. Contact firstname.lastname@example.org for volume discount and invoicing options.
Familiarity with SCADA system concepts (HMI clients, PLCs, Modbus, etc.), basic networking concepts (TCP/IP, DNS, etc.), and basic network attack/defense and troubleshooting techniques.
110 hours, self-paced. Pause and continue at any time.
- Getting Started with CYRIN
- Introductory IDS Configuration with Snort
- Intrusion Detection using Zeek (formerly Bro)
- Firewall Configuration with VyOS
- Firewall Configuration with IPtables
- Firewall Configuration with pfSense
- VPN Server Configuration with OpenVPN
- Split-Horizon DNS Configuration using BIND
- Host IDS Setup with OSSEC
- Using Active Directory to Manage Domain User Accounts
- SSH Server Configuration
- Identifying Live Machines and Services on an Unknown Network
- Service Identification I
- Service Identification II
- Log Analysis with RSYSLOG
- Log Analytics with Splunk
- Log Analytics with Elastic Stack
- Introduction to Metasploit
- Vulnerability Scanning with OpenVAS
- Automating Security Analysis with SPARTA
- Secure Configuration of the Apache Web Server
- Secure SSL Configuration in Apache
- Web Application Security Analysis using OWASP-ZAP
- Web Application Security Analysis using Nikto
- Web Application Security Analysis using Vega
- Web Application Security Analysis using Burp Suite
- Detecting and Exploiting SQL Injection Vulnerabilities
- Web Site Reconnaissance
- DoS Attacks and Defenses
- Protocol Analysis I: Wireshark Basics
- Protocol Analysis II: Extracting Data from Network Traffic
- Handling Potential Malware
- Introductory File System Forensics
- Live Forensics using GRR
- Introduction to P2P Forensics
- Introduction to Memory Analysis with Volatility
- Introduction to Memory Analysis with Rekall
- Windows Forensics Artifacts
- Advanced P2P Forensics
- eMule P2P Forensics
- Capture the Flag Scenario I
- Capture the Flag Scenario II
- Conduct a Data Leak Investigation
- Packet Capture Analysis and Manipulation
- Intrusion Analysis using Network Traffic
- Advanced Analysis of Malicious Network Traffic
- Red vs Blue
- ICS OT Man in the Middle Attack
- ICS IT/OT Phishing Attack
- ICS OT Application-Level DoS Attack
- ICS OT Network-Level DoS Attack
- Level 1: CYRIN Enterprise Instructional Labs
- Level 2: Attack/Defense/IR Exercises & Instructional Labs
$5995 for 1 year of access.