Re: [SPARTA - network.training-awareness] CyberRange Tools

Hi all, As discussed in last meeting, SAP has developed a special, multi profile, gamified CTF for the entire company. As one feature, it has been designed as an LMS<https://en.wikipedia.org/wiki/Learning_management_system>em>, except for SCORM reporting. This infra is content agnostic and more or less plug&play. More reading: https://news.sap.com/2018/01/employees-need-hacker-mindset-to-fight-cybercr… https://blogs.sap.com/2018/09/06/capture-the-flag-an-experiential-yet-colla… https://blogs.sap.com/2018/09/20/embedding-a-security-mindset-without-teach… For this year, we’re finalizing an Attack/Defense CTF for SecDevOps with an automated attack server or the usual teams vs teams. While the platform is corporate, with proper collaboration we could shape and extend it to SPARTA needs and make it internet facing. Unfortunately I won’t be able to join Rome. Best, Gilles From: network.training-awareness &lt;network.training-awareness-bounces(a)server.sparta.eu&gt; On Behalf Of Giorgio Bernardinetti Sent: lundi 23 septembre 2019 08:29 To: Jan Hajny &lt;hajny(a)feec.vutbr.cz&gt; Cc: network.training-awareness(a)server.sparta.eu Subject: Re: [SPARTA - network.training-awareness] CyberRange Tools Following CNIT’s involvment in Cyber Ranges. See you all in Rome. Giorgio Bernardinetti CNIT has developed an Attack&Defense CTF platform used in a recent italian national CTF event. This platform was developed with future concepts in mind, thus allowing for extensions and modules in order to become a Cyber Range platform. More details on this platform can be discussed privately and the platform itself could be used by all Sparta partners in this WP. CNIT’s team is also teaching two hands-on and security-focused academic courses at the University of Rome Tor Vergata; One of them features practical training with an online cyber range platform called HackTheBox and the final test is a hands-on penetration test on a crafted vulnerable environment. No automatic tools are used for these tests, but we’re open to use them. CNIT is also working on an automatic way to build vulnerable environments based on some sort of “vulnerable description” (e.g. OS, packages to be installed, CVEs to be placed, …). -- ====================================================== Giorgio Bernardinetti CNIT - National Inter-University Consortium for Telecommunications Electronic Engineering Department University of Rome "Tor Vergata" Via del Politecnico 1, 00133 Roma, Italy Phone: +39 06 7259 7773 Cel: (+39) 3883793886 Email: giorgio.bernardinetti@cnit.it<mailto:giorgio.bernardinetti@cnit.it> ====================================================== On 06/09/2019 15:42, Jan Hajny wrote: Dear WP9 Partners, Soon, we will be starting activities focused on practical training and lab federations. Furthermore, we will be working on better hands-on training environments. At this moment, I’d like to ask you about your experience with cyberrange software tools. Does anyone has any experience? What tools are you using to realise your cyberranges? Anyone uses open tools, like Open-Source AWS Cyber Range or Open Cyber Challenge Platform? Thank you, Kind regards, Jan —— doc. Ing. Jan Hajný, Ph.D. Advanced Cybersecurity Brno University of Technology Phone: +420 541 146 961 WWW: http://crypto.utko.feec.vutbr.cz<http://crypto.utko.feec.vutbr.cz/>