Onsite Siege for teams

Hands-on competition for both cyber security and non-cyber security IT professionals.

  • | | | |---|---:| | **Time to complete the mission:** | 8 h |
  • Keep all the IT services up and running and defend the infrastructure of a fictional company or country
  • Up to 30 participants in the same physical space
  • The participant will gain a lot more from the experience if they already know the basics of **bash commands** and **PHP** knowledge is helpful
##Mission description Traditional capture the flag type of competitions are offensive oriented. The Cyber Siege Challenge is defense oriented and intended to assess/train defenders. The Cyber Siege Challenge is designed for 30 concurrent participants who preferably should be in the same physical space. The physical proximity of the participants is important to create the “buzz” that leads to a fun event. Each participant gets access to the RangeForce training platform where everyone has their own small isolated network with vulnerable servers and services. The environment aims to replicate a typical small business IT architecture. Within 6 hours of the cyber battle, the trainees have to keep their services up and running while automated cyber attacks are trying to disturb normal work. ## Learning objectives * Find SQL injection (SQLi) attacks from log files * Perform simple SQLi attacks such as authentication bypass, information Gathering and data dumping using information_schema and union selects * Avoid dynamic SQL if possible and use SQL prepared statements * Find XSS attacks from log files * Find reflected XSS, stored XSS and DOM based XSS from a sample webapp * Fix the source code of the sample webapp for XSS errors * Find and fix path traversal and command injection vulnerabilities * Fix cookie security by using HttpOnly and Secure flags
Sign up a team
## 3 simple goals * Discover your talent in cyber security * Assess your skill level * Have fun
## Skills measurement It is very important to know if a person has acquired the necessary skills and if that person is able to apply those skills in a real-time stressful cyber incident. The RangeForce platform allows to measure real skills.

Case-study

See how a worldwide bank used the Global Siege to test their employees' skills across the globe.

Barclays Global Siege