Prioritizing Defensive Measures

FIRST Symposium Hands On Classes

Thursday — February 3rd, 2011 13:30

Summary: If you build it, they will hack it. Can your team survive 3 hours of attacks? With 30 virtual machines and hundreds of vulnerabilities known to the attackers, teams are put through their paces in making realistic decisions as to which systems to harden and which to "leave till later". This exhausting challenge will prepare your team for large-scale technical response as your resources are constrained and successful attacks keep occurring.

Equipment: Please bring a laptop.

  • Web Browser that allows signed ActiveX (Microsoft Remote Desktop Connection) OR signed Java Applets
  • Access to TCP 80, 443, 3389 on 192.88.209.160/28 and 128.2.243.128/25
  • Screen resolution of 1280x1024 or greater

Instructions: We will provide detailed directions for a number of tasks so novice as well as senior technical staff will get a chance to contribute. On the other hand, there are challenges that very few will have the ability to figure out.

Teams: Build your own, or we will help you join one at the start of the exercise. It is more than reasonable to have remote team members not in Barcelona assist in this exercise. The environment will be accessed via XNET, which has no physical limitation based on geographical location.

Scoring: We have an automated scoring script that will run the attacks as well as verify the required services are maintained.

Wrap-up: We will conclude with an instructor-led walkthrough of a few of the scarier attacks.

Are you ready? What will be your first step? Restrict the internal compromised system, protect the e-mail server, lock down the web server, implement blocks on the router, start network monitoring, or enable enterprise logging? Oh, and don't miss the number of internal documents being exfiltrated by an insider.

Presenters

  • Robert Floodeen (CERT/CC, US)

    Robert Floodeen is a Member of Technical Staff on the CERT® Resilient Enterprise Management Team in the CERT® Program at the Software Engineering Institute (SEI). Robert has 15 years of experience in Information Security and Computer Network Defense across federal and Department of Defense operations. Before transitioning from an SEI Visiting Scientist to full-time technical staff in 2008, Robert led teams performing Intrusion Detection at the Pentagon, Army Research Lab, and for the Defense Research and Engineering Network (DREN). Additionally, he spent several years managing CSIRT operations for the Defense Threat Reduction Agency (DTRA). Robert holds degrees in Computer Science (BSCS Honors, m. Actuarial Mathematics) from Old Dominion University and (MSCS) from James Madison University and is an adjunct at Carnegie Mellon University within the Information Networking Institute. Robert has also been trained by the U.S. Army in system and network administration, computer network defense and the employment of "really big guns" on the tactical battlefield.