6 Sep
2019
6 Sep
'19
1:42 p.m.
Dear WP9 Partners,
Soon, we will be starting activities focused on practical training and lab federations.
Furthermore, we will be working on better hands-on training environments.
At this moment, I’d like to ask you about your experience with cyberrange software tools.
Does anyone has any experience? What tools are you using to realise your cyberranges?
Anyone uses open tools, like Open-Source AWS Cyber Range or Open Cyber Challenge
Platform?
Thank you,
Kind regards,
Jan
——
doc. Ing. Jan Hajný, Ph.D.
Advanced Cybersecurity
Brno University of Technology
Phone: +420 541 146 961
WWW: http://crypto.utko.feec.vutbr.cz <http://crypto.utko.feec.vutbr.cz/>
18 Sep
18 Sep
8:08 p.m.
Hi,
Soon, we will be starting activities focused on
practical training and lab federations. Furthermore, we will be working on better hands-on
training environments.
At this moment, I’d like to ask you about your experience with cyberrange software tools.
Does anyone has any experience? What tools are you using to realise your cyberranges?
Anyone uses open tools, like Open-Source AWS Cyber Range or Open Cyber Challenge
Platform?
We have limited experience with CyberRange for the moment. We tried the
Airbus solution in a 5-day experiment for 8 of our students, and it
seemed to offer a simple and efficient way to model and instanciate
independent infrastructures for different groups of students.
However I believe this was overkill for the purpose, since our student
had little experience with CTFs and attacks in practice in general. I
believe such equipment is mostly useful for more experienced professionnal.
We are also starting to work on an open-source solution called CyTrone,
but the person working on it just started last week, so we might only
have results to share in several weeks/months.
Best regards,
olivier
22 Sep
22 Sep
5:10 a.m.
Here it is what CINI is doing. See you in Rome.
Rocco
The CINI unit is developing cyber exercises aiming at raising the
awareness of people. In particular, the initiatives target different
levels of involvement, from non expert, to cybersecurity trainee and
professionals.
The first initiative is a live CTF open to the public. The idea behind
this event is to develop a game that can by played by a vast audience.
The game is based on a room escape format (which is becoming very
popular nowadays). However, we also introduce a number of new aspects in
the game. Mainly, the players have to solve real cybersecurity
challenges that require to acquire a new, specific knowledge. For
instance, one of the challenges consists of a brute-force attack to a
password. A the same time, the participants have the support of a
trainer that helps them with useful hints. Eventually, the participants
have a direct experience of what happens when, e.g., they use weak
passwords.
Another initiative of CINI is to implement cyber exercises for virtual
cyber ranges. Cyber exercises are meant to drive the training sessions
for security experts. In particular, we plan to design scenarios where
the attacking and defending teams have to deal with a complex and
realistic infrastructure. Moreover, the infrastructure will be injected
with security vulnerabilities that the attackers (defenders) want to
exploit (patch). More importantly, vulnerabilities will not be randomly
injected (which would decrease the effectiveness of the training
session). In fact, we will deploy vulnerabilities with specific training
objectives, e.g., requiring the attacker to apply a certain strategy. As
a consequence, each security exploit will be part of a non-trivial
sequence of lateral movements allowing the attackers to approach their
final target.
On 06/09/2019 15:42, Jan Hajny wrote:
Dear WP9 Partners,
Soon, we will be starting activities focused on practical training and
lab federations. Furthermore, we will be working on better hands-on
training environments.
At this moment, I’d like to ask you about your experience with
cyberrange software tools. Does anyone has any experience? What tools
are you using to realise your cyberranges?
Anyone uses open tools, like Open-Source AWS Cyber Range or Open Cyber
Challenge Platform?
Thank you,
Kind regards,
Jan
——
doc. Ing. Jan Hajný, Ph.D.
Advanced Cybersecurity
Brno University of Technology
Phone: +420 541 146 961
WWW: http://crypto.utko.feec.vutbr.cz
--
Prof. Rocco De Nicola - IMT School for Advanced Studies Lucca
Direttore Centro Competenza Cybersecurity Toscano - www.c3t.it
Tel: +39 0583 4326730 - Mobile +39 329 4309862
23 Sep
23 Sep
6:29 a.m.
Following CNIT’s involvment in Cyber Ranges.
See you all in Rome.
Giorgio Bernardinetti
CNIT has developed an Attack&Defense CTF platform used in a recent italian national
CTF event. This platform was developed with future concepts in mind, thus allowing for
extensions and modules in order to become a Cyber Range platform. More details on this
platform can be discussed privately and the platform itself could be used by all Sparta
partners in this WP.
CNIT’s team is also teaching two hands-on and security-focused academic courses at the
University of Rome Tor Vergata; One of them features practical training with an online
cyber range platform called HackTheBox and the final test is a hands-on penetration test
on a crafted vulnerable environment. No automatic tools are used for these tests, but
we’re open to use them.
CNIT is also working on an automatic way to build vulnerable environments based on some
sort of “vulnerable description” (e.g. OS, packages to be installed, CVEs to be placed,
…).
--
======================================================
Giorgio Bernardinetti
CNIT - National Inter-University Consortium for Telecommunications
Electronic Engineering Department University of Rome "Tor Vergata"
Via del Politecnico 1, 00133 Roma, Italy
Phone: +39 06 7259 7773
Cel: (+39) 3883793886
Email: giorgio.bernardinetti(a)cnit.it
======================================================
On 06/09/2019 15:42, Jan Hajny wrote:
> Dear WP9 Partners,
>
> Soon, we will be starting activities focused on practical training and lab
federations. Furthermore, we will be working on better hands-on training environments.
>
> At this moment, I’d like to ask you about your experience with cyberrange software
tools. Does anyone has any experience? What tools are you using to realise your
cyberranges?
>
> Anyone uses open tools, like Open-Source AWS Cyber Range or Open Cyber Challenge
Platform?
>
> Thank you,
> Kind regards,
>
> Jan
>
> ——
> doc. Ing. Jan Hajný, Ph.D.
> Advanced Cybersecurity
> Brno University of Technology
> Phone: +420 541 146 961
> WWW: http://crypto.utko.feec.vutbr.cz <http://crypto.utko.feec.vutbr.cz/>
>
8:35 a.m.
Hi all,
As discussed in last meeting,
SAP has developed a special, multi profile, gamified CTF for the entire company. As one
feature, it has been designed as an
LMS<https://en.wikipedia.org/wiki/Learning_management_system>em>, except for SCORM
reporting. This infra is content agnostic and more or less plug&play. More reading:
https://news.sap.com/2018/01/employees-need-hacker-mindset-to-fight-cybercr…
https://blogs.sap.com/2018/09/06/capture-the-flag-an-experiential-yet-colla…
https://blogs.sap.com/2018/09/20/embedding-a-security-mindset-without-teach…
For this year, we’re finalizing an Attack/Defense CTF for SecDevOps with an automated
attack server or the usual teams vs teams.
While the platform is corporate, with proper collaboration we could shape and extend it to
SPARTA needs and make it internet facing. Unfortunately I won’t be able to join Rome.
Best,
Gilles
From: network.training-awareness
<network.training-awareness-bounces(a)server.sparta.eu> On Behalf Of Giorgio
Bernardinetti
Sent: lundi 23 septembre 2019 08:29
To: Jan Hajny <hajny(a)feec.vutbr.cz>
Cc: network.training-awareness(a)server.sparta.eu
Subject: Re: [SPARTA - network.training-awareness] CyberRange Tools
Following CNIT’s involvment in Cyber Ranges.
See you all in Rome.
Giorgio Bernardinetti
CNIT has developed an Attack&Defense CTF platform used in a recent italian national
CTF event. This platform was developed with future concepts in mind, thus allowing for
extensions and modules in order to become a Cyber Range platform. More details on this
platform can be discussed privately and the platform itself could be used by all Sparta
partners in this WP.
CNIT’s team is also teaching two hands-on and security-focused academic courses at the
University of Rome Tor Vergata; One of them features practical training with an online
cyber range platform called HackTheBox and the final test is a hands-on penetration test
on a crafted vulnerable environment. No automatic tools are used for these tests, but
we’re open to use them.
CNIT is also working on an automatic way to build vulnerable environments based on some
sort of “vulnerable description” (e.g. OS, packages to be installed, CVEs to be placed,
…).
--
======================================================
Giorgio Bernardinetti
CNIT - National Inter-University Consortium for Telecommunications
Electronic Engineering Department University of Rome "Tor Vergata"
Via del Politecnico 1, 00133 Roma, Italy
Phone: +39 06 7259 7773
Cel: (+39) 3883793886
Email: giorgio.bernardinetti@cnit.it<mailto:giorgio.bernardinetti@cnit.it>
======================================================
On 06/09/2019 15:42, Jan Hajny wrote:
Dear WP9 Partners,
Soon, we will be starting activities focused on practical training and lab federations.
Furthermore, we will be working on better hands-on training environments.
At this moment, I’d like to ask you about your experience with cyberrange software tools.
Does anyone has any experience? What tools are you using to realise your cyberranges?
Anyone uses open tools, like Open-Source AWS Cyber Range or Open Cyber Challenge
Platform?
Thank you,
Kind regards,
Jan
——
doc. Ing. Jan Hajný, Ph.D.
Advanced Cybersecurity
Brno University of Technology
Phone: +420 541 146 961
WWW: http://crypto.utko.feec.vutbr.cz<http://crypto.utko.feec.vutbr.cz/>
2209
days inactive
2226
days old
network.training-awareness@internal.sparta.eu
4 comments
5 participants
participants (5)
-
Giorgio Bernardinetti -
Jan Hajny -
MONTAGNON, Gilles -
Olivier Levillain -
Rocco De Nicola