In the Web Defacement scenario, an attack using brute-force techniques is launched against the SSH daemon on an Apache web server. The attacker, upon successful breach of credentials, defaces the website with their own “hacked” version prior to detection. Participants must first identify and subsequently stop the attacker from taking further actions and correct the defacement in order to maintain the company’s image.
In the DDoS SYN Flood scenario, internet bots are leveraged to generate a large amount of traffic targeting one of the organization’s websites. The traffic floods and eventually overloads the bandwidth and resources of the target, crippling the server and causing a denial-of-service (DoS). Participants will identify and mitigate the attack using various tools to successfully defend against it, implement rules to prevent subsequent attacks, and restore services and operational functionality.
In this scenario, a series of security flaws in a public web server under your control enables the attacker to exploit the system using SQL injection techniques. Having succeeded, the attacker pivots to internal systems, extracts privileged information and interferes with business processes. Participants will learn to identify the attack through SQL, firewall and SIEM log analysis, and to implement controls that block additional data exfiltration and lateral movement and protect the organization from future malicious activity.
Targeting a known public web server, this scenario emulates an attack on an Apache web server where the attacker uses a Secure Shell (SSH) brute-force attack to gain access to the system. Participants are confronted with a disruption to critical business components and must act swiftly in order to maintain up-time and mitigate the attack. Participants will learn to detect the attack through the analysis of Apache log files, Linux system commands and forensics, as well as to understand the basics of the attack chain, including housekeeping and persistence.
In this scenario, the system sends an infected e-mail with a link to a Trojan executable. When the executable is opened, a Trojan is installed that performs a local search for secret files and sends them to the attacker by e-mail. Participants experience first-hand the entire attack chain of a successful spear-phishing campaign, a real-world example of system compromise and exfiltration of sensitive information. High-profile attacks in which spear-phishing was used include the attack on RSA, HBGary Federal and Operation Aurora (the attack on Google).
In this scenario, a Trojan-infected CD-ROM has been inserted into a Windows machine, where the malware is auto-run and loaded from the device. Once inside, the malicious Trojan connects back to a Command and Control server, from which commands to steal secret files and important user information are executed. Participants will learn to detect and contain the malicious outbreak in order to control further spreading of the infected files, mitigate the data exfiltration, and confirm that the outbreak has been contained.
The JAVA NMS scenario emulates a Watering-Hole attack in which the attacker sits and waits for the victim to perform the expected action of navigating to a known, infected website that contains a Trojan horse. Participants will leverage advanced techniques in this complex attack to detect, analyze and stop the malicious code to minimize the attack surface and protect the organization from further compromise.
In this scenario, an unsuspecting employee opens a legitimate-looking email from a trusted source with an attached document, and the ominous message demands the transfer of bitcoin to unlock their system. Within minutes of opening the attachment, the user’s system has been compromised. Participants must contain the incident and learn proper handling and response techniques in order to solve the case and save the organization from complete lockdown.
Participants in this scenario are faced firsthand with a worm outbreak in the internal network. Company-wide panic ensues as participants work quickly to analyze the attack flow, utilize forensic tools and perform basic malware analysis and reverse-engineering in order to mitigate the threat. The attack simulates the characteristics of a modern botnet and focuses on developing the real-time response capabilities of the trainees.
This scenario demonstrates how a sophisticated attacker, using multiple methods of pivoting within the system, circumvents numerous security mechanisms and gains access to segments of the network that are otherwise unavailable. Participants will use advanced detection and prevention techniques to mitigate the scenario before significant data is exfiltrated from the environment.