TOGETHER, WE

RESPOND

FASTER

CYBERSEC 2019

MAR. 19 – 21

Taipei International Convention Center
Taipei World Trade Center Hall 1, 2F

Blue Team Workshop

This workshop is based on the defensive concepts of the Blue Team and simulates how a company should respond to an attack. These are the most professional courses provided in the industry and serve as great opportunities for companies to acquire experience in incident response. Normally, the tuition for such courses is very high; only at CYBERSEC will you find it offered for free!

Cyber threats are constantly evolving. Purchasing anti-malware products is no longer sufficient for keeping an enterprise safe. It is just as important to have training in incident response and defensive techniques. While the Red Team is focused on simulated attack drills that uncover system vulnerabilities, the Blue Team is focused on how to respond to threats and incident handling. More and more companies are realizing the value of a skilled Blue Team. Offensive simulation drills, which have begun to appear on the market, are great ways for enterprises to accumulate experience and fortitude in combating cyber attacks.

The conference has specially invited the industry leader, Cisco, as well as Cyber Range, which has cooperated with TSTI, RangeSeed from the Institute for Information Industry, the Israeli-based Cyberbit Range, the Cyber Defense Exercise from the National Center for High Performance Computing, and the Blue Team CTF exercise courses from CyCarrier. Registration for CYBERSEC is free!

Sign up for CYBERSEC 2019 and get a voucher to learn through practice. Sign up for our courses on-site following the instructions below:

  • 1. Open registration starts 25 minutes before each course starts. Please register on-site. The number of applicants is limited.
  • 2. Please enter the session with a voucher after registration is completed (one voucher per person only). Vouchers will not be reissued if lost.
  • 3. Doors open 5 minutes prior to the lecture and will be closed once the session starts. A wait list may be available depending on the situation.
Other notes
  • 1. All courses are conducted in Mandarin Chinese.
  • 2. The authorities have the right to adjust course enrollment access and syllabus.

Introduction to Blue Team Workshop

Cisco Cyber Range: Practical network attack defense practice

  • Venue: TICC 202
  • Speaker

    Tatung University Department of Computer Science and Engineering / Computer Center, Professor / Director, Tsang-Long Pao

  • Attendee: 20; Auditor: 10

    Course Description

    The Cyber Range is a simulated cyber security war-game environment. It provides a training facility where cyber security workers learn how to defend by replaying various cyber threat incidents in an enterprise network environment. This process gives a realistic experience of defensive thinking and operations. During the exercise, the TA will provide the necessary assistance so that trainees can follow the defense process and grasp the idea behind the cyber-attacks. After each exercise, the instructor will discuss in depth the hacker’s thinking, the defense techniques, and ways to improve the detection and defense process. For example, for ransomware, Advanced Persistent Threat or DDoS attacks, the playbook replays realistic security incidents so that trainees can learn security incident detection and defense planning for various attacks. Through the various simulated attacks, trainees learn how to defend against cyber-attacks and improve their capabilities in cyber threat detection, incident analysis and cyber security threat assessment. The ultimate goal is to gain the ability to prevent future cyber security incidents, knowledge of advanced cyber security defense techniques, and the ability to use security equipment and software applications. With these capabilities, cyber security workers should be able to defend against future cyber-attacks, reduce the risk of intrusion to the enterprise, and guarantee continuous and uninterrupted network operations.

    Course objectives

    • Learn techniques for detecting malicious network behavior.
    • Learn various security defense techniques and tools.
    • Practice defense exercises against attack playbooks.
    • Become familiar with the planning, implementation and operation of the network architecture and various defense tools.

    Course Outline

    • Intrusion Prevention, e-mail security, and web security
    • IoT vulnerability, attack, and defense exercise
    • Data loss detection, tracking and protection

    Suggested equipment specifications for Attendee

    • Notebook computer (Windows or Mac) on which Cisco AnyConnect and VMware Horizon Client can be installed

    Attendee Prerequisite Skills for the Course

    • Basic knowledge of information security

Cyber Defense Exercise - Web intrusion and defensive practice

  • Venue: TICC 401
  • Speaker

    National Center for High-performance Computing Cyber Defense Exercise Team Member, Cyber Defense Exercise Team Member

  • Attendee: 30

    Course Description

    Students will be connected to the CDX platform course environment through VPN.

    Students will practice attack or defense.

    The target host in the course environment serves as the practice object, simulating a small company website being hacked.

    In the course, the instructor first leads the students playing the hacker role through intrusion and DDoS against the target hosts step by step, and then leads the students playing the defensive role in resolving the intrusion/DDoS events.

    Course Outline

    • Web intrusion practice and corresponding countermeasures against intrusion techniques
    • DDoS practice and DDoS mitigation

    Suggested equipment specifications for Attendee

    • Can connect to the Internet
    • Installed Fortinet VPN Client

    Attendee Prerequisite Skills for the Course

    • Linux command
    • TCP/IP
    • Web

How to improve the cyber resilience through BlueTeam CTF exercise

  • Venue: TWTC 1 Conference Room No.4
  • Speaker

    CyCarrier Technology Senior Cybersecurity Researcher, Chung-Kuan Chen

  • Attendee: 25

    Course Description

    In the face of today's inevitable cyber breaches, the National Institute of Standards and Technology (NIST) has released a new cybersecurity framework. The traditional cybersecurity model aims to make sure enterprises are not breached, while the new cybersecurity strategies focus on sustainable business operation and agile system recovery after a compromise. Incident response and resilience have therefore become survival techniques in this unpredictable environment when cyber threats occur.
    In this session, our main goal is to use BlueTeam CTF to train monitoring, hunting, and investigating skills. Students will work through several real cases, thinking as a hacker and performing forensics across different attack situations. Through these situations, students can create a timeline and a mapping of attacker activity and find out the tactics, techniques, and procedures the hacker is using, which improves their visibility and sensitivity. Students can also improve their resilience through this practice. By investigating and analyzing different scenarios, this session provides strong support for real scenarios and strengthens enterprise cyber security strategies.

    Course objectives

    • By investigating and analyzing different scenarios, this session provides strong support for real-life scenarios and strengthens enterprise cyber security systems.

    Course Outline 

    • BlueTeam CTF Introduction
    • Practice Scenario Introduction
    • Cyber Resilience Model Introduction and Discussion
    • Conclusion

    Suggested equipment specifications for Attendee

    • Laptop

    Attendee Prerequisite Skills for the Course

    • Cyber security practitioner

     

Cyberbit Blue Team Training System Part 1 - Apache Shutdown Scenario

  • Venue: TICC 203
  • Speaker

    Institute for Information Industry Project Manager, Tzu-Hsien Chuang

  • Speaker

    Institute for Information Industry Senior Engineer, Andy Lin

  • Attendee: 12; Auditor: 6

    Course Description

    The cybersecurity simulation training system is Israel’s well-known Cyberbit Range Training system.

    For the CyberSec 2019 CyberLAB program, we will practice the three most common threats: Apache Shutdown, Trojan Data Leakage, and SQL Injection.

    Through hands-on practice of the complete scenario, the trainees will learn how to judge different attack behaviors and then propose proper response measures. Each exercise will take around 1.5 hours. The simulations are as follows:

    • Apache Shutdown Scenario: In this scenario, the system attacks a known public Apache web server. The attacker uses a Secure Shell (SSH) brute-force attack to gain access to the server and uploads backdoor files and scripts that send the server’s user name and password to the attacker every minute to maintain access to the server. Finally, the attack adds a cron job that shuts down the Apache services at one-minute intervals.

    Course objectives

    • Practicing Linux and Apache logging research and basic forensics
    • Gaining hands-on experience with Apache, SSH client, and Linux management tools
    • Gaining hands-on experience with an event of brute-force attack

    Course Outline

    • HOW TO DETECT A NEW PORT-SCANNING INCIDENT IN THE SIEM SYSTEM
    • HOW TO DETECT A SUCCESSFUL PASSWORD BRUTE-FORCE ATTACK
    • HOW TO DETECT FAILURE OF APACHE SERVICES ON ZENOSS SYSTEM
    • HOW TO RESTART APACHE SERVICES (ONGOING AS LONG AS THE ATTACK CONTINUES)
    • HOW TO ANALYZE THE REASON FOR THE APACHE SERVICES FAILURE
    • HOW TO DELETE SCHEDULED CRON JOBS
    • HOW TO REMEDIATE THE VULNERABILITY AND MITIGATE THE ATTACK

    Suggested equipment specifications for Attendee

    • All equipment is prepared by Cybersecurity Technology Institute, Institute for Information Industry.

    Attendee Prerequisite Skills for the Course

    • Basic knowledge of network security and information security.
    • Familiar with database operations and basic understanding of malware principles. 

Cyberbit Blue Team Training System Part 2 - Trojan Data Leakage Scenario

  • Venue: TICC 203
  • Speaker

    Institute for Information Industry Project Manager, Tzu-Hsien Chuang

  • Speaker

    Institute for Information Industry Senior Engineer, Andy Lin

  • Attendee: 12; Auditor: 6

    Course Description

    The cybersecurity simulation training system is Israel’s well-known Cyberbit Range Training system.

    For the CyberSec 2019 CyberLAB program, we will practice the three most common threats: Apache Shutdown, Trojan Data Leakage, and SQL Injection.

    Through hands-on practice of the complete scenario, the trainees will learn how to judge different attack behaviors and then propose proper response measures. Each exercise will take around 1.5 hours. The simulations are as follows:

    • Trojan Data Leakage Scenario: In this scenario, the system sends an infected e-mail with a link to a Trojan executable. When the executable is opened, a Trojan is installed. The Trojan performs a local search of secret files and sends them to the attacker by e-mail.

    Course objectives

    • Practicing Linux logging research and basic forensics
    • Gaining hands-on experience with Windows, Sendmail server, and Windows scripting.
    • Practicing mail services analysis and forensics

    Course Outline

    • HOW TO DETECT SUSPICIOUS TRAFFIC TO BLACKLISTED ADDRESS
    • HOW TO LOCATE THE MALWARE EXECUTABLE FILE
    • HOW TO DETECT ABNORMAL MAIL ACTIVITY
    • HOW TO ANALYZE ATTACK IMPACT
    • HOW TO DETECT INFECTING EMAIL WITH LINK TO THE TROJAN FILE
    • HOW TO REMEDIATE THE VULNERABILITY AND MITIGATE THE ATTACK

    Suggested equipment specifications for Attendee

    • All equipment is prepared by Cybersecurity Technology Institute, Institute for Information Industry.

    Attendee Prerequisite Skills for the Course

    • Basic knowledge of network security and information security.
    • Familiar with database operations and basic understanding of malware principles. 

Cyberbit Blue Team Training System Part 3 - SQL injection Scenario

  • Venue: TICC 203
  • Speaker

    Institute for Information Industry Project Manager, Tzu-Hsien Chuang

  • Speaker

    Institute for Information Industry Senior Engineer, Andy Lin

  • Attendee: 12; Auditor: 6

    Course Description

    The cybersecurity simulation training system is Israel’s well-known Cyberbit Range Training system.

    For the CyberSec 2019 CyberLAB program, we will practice the three most common threats: Apache Shutdown, Trojan Data Leakage, and SQL Injection.

    Through hands-on practice of the complete scenario, the trainees will learn how to judge different attack behaviors and then propose proper response measures. Each exercise will take around 1.5 hours. The simulations are as follows:

    • SQL injection Scenario: In this scenario, the system attacks a known public web server using SQL. The attacker enables the internally stored SQL procedure xp_cmdshell, which is later used to extract all of the users’ computer names and emails from Active Directory (AD) using PowerShell scripts, and to stop the internal server’s services using the remote Service Control Manager. The attack is performed repeatedly until the trainees stop the attack.

    Course objectives

    • Practicing Windows and MSSQL server logging research and basic forensics
    • Gaining hands-on experience with Domain Controllers (DC), IIS, and Checkpoint management tools.
    • Gaining hands-on experience with an SQL Injection event

    Course Outline

    • HOW TO DETECT A NEW WEB CRAWLING INCIDENT IN THE SIEM SYSTEM
    • HOW TO DETECT DOMAIN SERVICES FAILURE ON ZENOSS SYSTEM
    • HOW TO RESTART DOMAIN SERVICES
    • HOW TO DETECT AND ANALYZE REASON FOR DOMAIN SERVICES FAILURE
    • HOW TO REMEDIATE THE VULNERABILITY AND MITIGATE THE ATTACK

    Suggested equipment specifications for Attendee

    • All equipment is prepared by Cybersecurity Technology Institute, Institute for Information Industry.

    Attendee Prerequisite Skills for the Course

    • Basic knowledge of network security and information security.
    • Familiar with database operations and basic understanding of malware principles. 

Blue Team Workshop Schedule

3/19 (Tue)

Time | Schedule
Rooms: TICC 202, TICC 203, TICC Joy Lounge (4F), TICC Elegance Lounge (4F), TICC 401, TWTC Hall 1 Con Room 4
12:30 - 14:30
14:00 - 17:30
Cisco Cyber Range: Practical network attack defense practice
Tsang-Long Pao
Tatung University Department of Computer Science and Engineering / Computer Center, Professor / Director,

Cyberbit Blue Team Training System Part 1 - Apache Shutdown Scenario
Tzu-Hsien Chuang
Institute for Information Industry Project Manager,
Andy Lin
Institute for Information Industry Senior Engineer,
15:30 - 17:30
 

Cyberbit Blue Team Training System Part 1 - Apache Shutdown Scenario
Tzu-Hsien Chuang
Institute for Information Industry Project Manager,
Andy Lin
Institute for Information Industry Senior Engineer,

3/20 (Wed)

Time | Schedule
Rooms: TICC 202, TICC 203, TICC Joy Lounge (4F), TICC Elegance Lounge (4F), TICC 401, TWTC Hall 1 Con Room 4
09:00 - 12:30
 
 
10:00 - 11:30
Cyber Defense Exercise - Web intrusion and defensive practice
Cyber Defense Exercise Team Member
National Center for High-performance Computing Cyber Defense Exercise Team Member,
 
12:30 - 14:30

Cisco Cyber Range: Practical network attack defense practice
Tsang-Long Pao
Tatung University Department of Computer Science and Engineering / Computer Center, Professor / Director,

Cyberbit Blue Team Training System Part 2 - Trojan Data Leakage Scenario
Tzu-Hsien Chuang
Institute for Information Industry Project Manager,
Andy Lin
Institute for Information Industry Senior Engineer,

Cyber Defense Exercise - Web intrusion and defensive practice
Cyber Defense Exercise Team Member
National Center for High-performance Computing Cyber Defense Exercise Team Member,

How to improve the cyber resilience through BlueTeam CTF exercise
Chung-Kuan Chen
CyCarrier Technology Senior Cybersecurity Researcher,
15:30 - 17:30
 

Cyberbit Blue Team Training System Part 2 - Trojan Data Leakage Scenario
Tzu-Hsien Chuang
Institute for Information Industry Project Manager,
Andy Lin
Institute for Information Industry Senior Engineer,

Cyber Defense Exercise - Web intrusion and defensive practice
Cyber Defense Exercise Team Member
National Center for High-performance Computing Cyber Defense Exercise Team Member,

3/21 (Thu)

Time | Schedule
Rooms: TICC 202, TICC 203, TICC Joy Lounge (4F), TICC Elegance Lounge (4F), TICC 401, TWTC Hall 1 Con Room 4
12:30 - 14:30

Cisco Cyber Range: Practical network attack defense practice
Tsang-Long Pao
Tatung University Department of Computer Science and Engineering / Computer Center, Professor / Director,

Cyberbit Blue Team Training System Part 3 - SQL injection Scenario
Tzu-Hsien Chuang
Institute for Information Industry Project Manager,
Andy Lin
Institute for Information Industry Senior Engineer,

How to improve the cyber resilience through BlueTeam CTF exercise
Chung-Kuan Chen
CyCarrier Technology Senior Cybersecurity Researcher,
15:30 - 17:30
 

Cyberbit Blue Team Training System Part 3 - SQL injection Scenario
Tzu-Hsien Chuang
Institute for Information Industry Project Manager,
Andy Lin
Institute for Information Industry Senior Engineer,