Here it is what CINI is doing. See you in Rome.

Rocco

The CINI unit is developing cyber exercises aiming at raising the awareness of people. In particular, the initiatives target different levels of involvement, from non expert, to cybersecurity trainee and professionals.

The first initiative is a live CTF open to the public. The idea behind this event is to develop a game that can by played by a vast audience. The game is based on a room escape format (which is becoming very popular nowadays). However, we also introduce a number of new aspects in the game. Mainly, the players have to solve real cybersecurity challenges that require to acquire a new, specific knowledge. For instance, one of the challenges consists of a brute-force attack to a password. A the same time, the participants have the support of a trainer that helps them with useful hints. Eventually, the participants have a direct experience of what happens when, e.g., they use weak passwords.

Another initiative of CINI is to implement cyber exercises for virtual cyber ranges.  Cyber exercises are meant to drive the training sessions for security experts. In particular, we plan to design scenarios where the attacking and defending teams have to deal with a complex and realistic infrastructure. Moreover, the infrastructure will be injected with security vulnerabilities that the attackers (defenders) want to exploit (patch). More importantly, vulnerabilities will not be randomly injected (which would decrease the effectiveness of the training session). In fact, we will deploy vulnerabilities with specific training objectives, e.g., requiring the attacker to apply a certain strategy. As a consequence, each security exploit will be part of a non-trivial sequence of lateral movements allowing the attackers to approach their final target.

Dear WP9 Partners,

Soon, we will be starting activities focused on practical training and lab federations. Furthermore, we will be working on better hands-on training environments.

At this moment, I’d like to ask you about your experience with cyberrange software tools. Does anyone has any experience? What tools are you using to realise your cyberranges?

Anyone uses open tools, like Open-Source AWS Cyber Range or Open Cyber Challenge Platform?

Thank you,

Kind regards,

Jan

——
doc. Ing. Jan Hajný, Ph.D.
Advanced Cybersecurity
Brno University of Technology
Phone: +420 541 146 961
WWW: http://crypto.utko.feec.vutbr.cz

-- 
Prof. Rocco De Nicola - IMT School for Advanced Studies Lucca
Direttore Centro Competenza Cybersecurity Toscano - www.c3t.it
Tel: +39 0583 4326730 - Mobile +39 329 4309862