To celebrate National Cybersecurity Awareness Month, RangeForce joined forces with Barclays to deliver a unique CyberSiege at Barclays RISE NYC. This CyberSiege was a one-day immersive cyberattack challenge, with participants from the cybersecurity teams of Barclays and another leading Fortune 500 company from around the NYC area. The roles of the participants included SOC staff, App Sec team members, and a few forensic investigators.
CyberSieges are delivered through the RangeForce CyberTraining Platform’s virtual cyber-range with the actual attacks carried out by our Attack Bots (our automated Red Team). This hands-on training environment simulates a complete cyberattack environment.
The goal of participants was to detect and contain a multi-step attack against mixed infrastructure.
During the attack phase, simulated computer users (playing the part of unaware employees) executed malicious software. The malicious software ended up taking control of the entire enterprise infrastructure through privilege escalation, lateral movement, and an attack against the enterprise's Microsoft Active Directory.
To keep things really interesting, while the teams were focused on the internal attack, the company's website was also hit using path traversal, SQL injection (SQLi), cross-site scripting (XSS), and command injection (CMDi). Teams were forced to prioritize defensive resources and focus as they dealt with this second front and with assaults that included Golden Ticket attacks against a Kerberos environment, pass-the-hash (PtH), and attacks against a web application.
The winning team took just over 3 hours to complete the CyberSiege and won bragging rights for the day. The average team completion time was 5 hours.
Ask yourself a question here: how long would your team take to complete this scenario?
When the siege portion of the training was completed, the teams were debriefed on their strengths and weaknesses. Using RangeForce training modules, each team was then able to get some hands-on remediation training. Although we cannot give away the secrets of the attack, the focus of the post-siege training was learning how to:
- Use common malware analysis tools and analyze PCAP files.
- Properly configure HTTPS.
- Understand how hackers use password cracking tools.
- Implement security controls and prioritize the restoration of compromised servers.
- Perform simple SQLi and NoSQLi attacks (such as authentication bypass, information gathering and data dumping using information schema and union selects).
One interesting takeaway from the CyberSiege came from the team members who lacked a Microsoft background. They were very enthusiastic to acquire new technology skills on the spot in order to successfully defend against the attacks. The takeaway: more cross-training of your Cyber Pros needs to occur.
Quotes of the day:
“I had to kick the last two teams out at 6 pm — they did not want to stop!”
– CyberSiege Lead Trainer
In defense of the last team…
“We have an immense desire to complete the entire training module because we wanted to fully understand how the attack propagated.”
– SOC Team Alpha Lead
(we did send them home with access to complete the module — I wonder if they got any sleep?)
“The technology challenges were great, but I also enjoyed the team collaboration during the most intense portions of the CyberSiege.”
– Team Delta Member
“I was very proud of my team’s winning time. I came away with a lot of confidence in my group’s skills and ability to work together.”
– SOC Manager
Want to learn more about RangeForce CyberSieges and our cybersecurity training modules? Contact us: firstname.lastname@example.org or follow us on LinkedIn.