Live-Combat Training Missions


Participate in a single live-combat training experience built around one of the scenarios below. Each mission tests the ability of you and your security team members to detect and respond to malicious activity as it happens in real time.

In addition to detection and response training, participants will also learn and practice:

  • SIEM Management & Analysis

  • Firewall Management & Analysis

  • Incident Response

  • Windows and Linux System Management

  • Advanced Endpoint Controls

Price for up to 5 people: $6,600

Price for each additional person: $1,350


Course Name:

DDoS SYN Flood Training mission

Level: Novice

Duration: 4 hours

Type: Instructor-led online


Scenario Objectives:

  • Learning TCP/IP Protocol Fundamentals

  • Practicing networking forensics

  • Gaining hands-on experience on SNORT IDS

  • Gaining hands-on experience with a classic DDoS event

Required Skills:

  • Network forensics

  • Firewall management

  • TCP Protocol

  • SNORT IDS management

In this scenario, internet bots are used to flood one of the organization’s websites with TCP SYN packets. Each SYN opens a half-open connection that the server must hold until it times out, so the flood exhausts the target’s connection backlog and bandwidth, cripples the server and causes a denial of service (DoS). Participants identify and mitigate the attack with the available tools, implement rules to prevent subsequent attacks, and restore services and operational functionality.
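The defining artefact of a SYN flood is a pile of handshakes that never complete. The following Python is an added example, not material from the course or from any vendor: it replays a constructed packet summary (the addresses, ports and timings are invented), tracks which client SYNs were never followed by the client's ACK, and alerts per destination when too many half-open handshakes open inside a short window. The window and threshold values are assumptions to tune per environment.

```python
from collections import defaultdict

# Constructed packet summary, not a real capture:
# (time_s, src_ip, src_port, dst_ip, dst_port, tcp_flags)
# Flag letters follow tcpdump: "S" = SYN, "S." = SYN-ACK, "." = bare ACK.
WEB = "203.0.113.10"
PACKETS = [
    (0.00, "10.0.0.5", 40001, WEB, 80, "S"),
    (0.01, WEB, 80, "10.0.0.5", 40001, "S."),
    (0.02, "10.0.0.5", 40001, WEB, 80, "."),   # legitimate handshake completes
    (0.10, "10.0.0.6", 40002, WEB, 80, "S"),
    (0.11, WEB, 80, "10.0.0.6", 40002, "S."),
    (0.12, "10.0.0.6", 40002, WEB, 80, "."),   # legitimate handshake completes
]
# The flood: 40 spoofed sources send one SYN each within 0.2 s and never ACK.
PACKETS += [(1.0 + i * 0.005, f"198.51.100.{i + 1}", 50000 + i, WEB, 80, "S")
            for i in range(40)]


def half_open_connections(packets):
    """Replay packets in time order and return {4-tuple: syn_time} for every
    client SYN whose handshake was never completed by the client's ACK.
    Those entries are what a SYN flood leaves sitting in the server backlog."""
    pending = {}
    for ts, src, sport, dst, dport, flags in sorted(packets):
        key = (src, sport, dst, dport)
        if flags == "S":
            pending[key] = ts
        elif flags == "." and key in pending:
            del pending[key]          # third packet of the handshake arrived
    return pending


def syn_flood_alerts(packets, window_s=1.0, threshold=20):
    """Per destination IP, find the largest number of half-open SYNs that
    arrived inside any `window_s` span; alert if it reaches `threshold`.
    Returns {dst_ip: (half_open_in_window, distinct_source_ips)}."""
    by_dst = defaultdict(list)
    for (src, _sport, dst, _dport), ts in half_open_connections(packets).items():
        by_dst[dst].append((ts, src))
    alerts = {}
    for dst, entries in by_dst.items():
        entries.sort()
        best = (0, 0)
        lo = 0
        for hi in range(len(entries)):
            while entries[hi][0] - entries[lo][0] > window_s:
                lo += 1
            count = hi - lo + 1
            if count > best[0]:
                best = (count, len({s for _, s in entries[lo:hi + 1]}))
        if best[0] >= threshold:
            alerts[dst] = best
    return alerts


if __name__ == "__main__":
    for dst, (n, sources) in syn_flood_alerts(PACKETS).items():
        print(f"SYN flood suspected against {dst}: {n} half-open handshakes "
              f"from {sources} distinct sources")
```

The distinct-source count is the tell that separates a distributed or spoofed flood from one broken client retrying. On the server itself the same state is visible with `ss -tan state syn-recv`, and the equivalent rule-side check in Snort is the `detection_filter` option (`track by_dst, count N, seconds M`) on a rule matching SYN-only packets to the web port.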


Course Name:

SQL INJECTION Training mission

Level: Novice

Duration: 4 hours

Type: Instructor-led online

Required Skills:

  • Microsoft SQL Server (MSSQL) management

  • IIS server logs

  • Firewall Management

  • SIEM Detection and management

Scenario Objectives:

  • Practicing Windows and MSSQL server logging research and basic forensics

  • Gaining hands-on experience with Domain Controllers (DC), IIS, and Check Point management tools

  • Gaining hands-on experience with an SQL Injection event

In this scenario, a series of security flaws in a public web server under your control lets the attacker exploit the system using SQL injection techniques. From the database the attacker pivots to internal systems, extracts privileged information and interferes with business processes. Participants learn to identify the attack through SQL Server, firewall and SIEM log analysis, and to implement controls that block further data exfiltration and lateral movement and protect the organization from future malicious activity.
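The IIS access log is usually the first place the injection shows up, because the attacker's probes arrive in the query string and the error-based ones produce HTTP 500s. The Python below is an added example, not course or vendor code: it parses a constructed IIS W3C log excerpt (the hosts, paths and requests are invented) using the `#Fields` header, URL-decodes each query and labels it with the injection technique its shape suggests. The pattern list is a starting point, not a complete signature set.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed IIS W3C log excerpt (not taken from any real server).
IIS_LOG = """\
#Software: Microsoft Internet Information Services 8.5
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2017-03-01 10:00:01 10.1.1.20 GET /products.aspx id=42 80 - 10.1.5.7 Mozilla/5.0 200
2017-03-01 10:00:09 10.1.1.20 GET /products.aspx id=42' 80 - 198.51.100.23 sqlmap/1.1 500
2017-03-01 10:00:10 10.1.1.20 GET /products.aspx id=42+AND+1=1 80 - 198.51.100.23 sqlmap/1.1 200
2017-03-01 10:00:11 10.1.1.20 GET /products.aspx id=42+AND+1=2 80 - 198.51.100.23 sqlmap/1.1 200
2017-03-01 10:00:15 10.1.1.20 GET /products.aspx id=42+UNION+SELECT+name,pwhash+FROM+users-- 80 - 198.51.100.23 sqlmap/1.1 200
2017-03-01 10:00:20 10.1.1.20 GET /products.aspx id=42%3B+EXEC+xp_cmdshell+%27whoami%27-- 80 - 198.51.100.23 sqlmap/1.1 200
2017-03-01 10:00:30 10.1.1.20 GET /search.aspx q=o%27reilly 80 - 10.1.5.8 Mozilla/5.0 200
"""

# Patterns run against the URL-decoded query string; each is labelled with the
# injection technique it usually indicates.
SQLI_PATTERNS = [
    (re.compile(r"union\s+(?:all\s+)?select", re.I), "union-based"),
    (re.compile(r"\b(?:and|or)\s+\d+\s*=\s*\d+", re.I), "boolean-based"),
    (re.compile(r"waitfor\s+delay", re.I), "time-based"),
    (re.compile(r"xp_cmdshell|sp_executesql|openrowset", re.I), "mssql-procedure"),
    (re.compile(r"'\s*$|'\s*(?:--|;)"), "quote-terminator"),
]


def parse_w3c(text):
    """Yield one dict per request line, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.startswith("#") or not line.strip():
            continue
        elif fields:
            yield dict(zip(fields, line.split()))


def scan_iis_log(text):
    """Return the suspicious requests with the techniques each one matched."""
    hits = []
    for rec in parse_w3c(text):
        query = unquote_plus(rec.get("cs-uri-query", "-"))
        labels = sorted(label for rx, label in SQLI_PATTERNS if rx.search(query))
        if labels:
            hits.append({
                "time": f'{rec["date"]} {rec["time"]}',
                "client": rec["c-ip"],
                "uri": rec["cs-uri-stem"],
                "query": query,
                "status": rec["sc-status"],   # 500s alongside a quote = error-based probing
                "labels": labels,
            })
    return hits


def attackers(hits):
    """Suspicious requests per client IP, highest first."""
    return Counter(h["client"] for h in hits).most_common()


if __name__ == "__main__":
    found = scan_iis_log(IIS_LOG)
    for h in found:
        print(h["time"], h["client"], h["status"], h["uri"], h["labels"], "<-", h["query"])
    print("per-client:", attackers(found))
```

Decoding before matching matters: `%27` and `+` hide the quote and the spacing that the patterns key on. The `o'reilly` search term is deliberately left unflagged, since a bare apostrophe inside a word is normal user input; the `xp_cmdshell` hit is the one to escalate immediately, because it means the injection has reached command execution on the database host.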


Course Name:

APACHE SHUTDOWN Training mission

Level: Intermediate

Duration: 4 hours

Type: Instructor-led online

Scenario Objectives:

  • Practicing Linux and Apache logging research and basic forensics

  • Gaining hands-on experience with Apache, SSH client, and Linux management tools

  • Gaining hands-on experience with an event of brute-force attack

Required Skills:

  • Linux log management and system commands

  • Apache web server

  • Firewall management

  • ArcSight (understanding of incident logs)

This scenario emulates an attack on a known public Apache web server in which the attacker gains access to the system through a Secure Shell (SSH) brute-force attack. Participants are confronted with a disruption to critical business components and must act swiftly to maintain uptime and mitigate the attack. They learn to detect the attack through analysis of the Apache and system authentication log files, Linux system commands and forensics, and to understand the basics of the attack chain, including the attacker’s housekeeping and persistence.


Course Name:

trojan data leak Training mission

Level: Intermediate

Duration: 4 hours

Type: Instructor-led online

Required Skills:

  • Windows log management

  • Sendmail Email server

  • Firewall management

  • Windows scripting

  • SIEM Management and analysis

Scenario Objectives:

  • Practicing Linux logging research and basic forensics

  • Gaining hands-on experience with Windows, Sendmail server, and Windows scripting.

  • Practicing mail services analysis and forensics

In this scenario, the attacker sends an e-mail containing a link to a Trojan executable. When the executable is opened, the Trojan installs itself, searches the local system for secret files and sends them to the attacker by e-mail. Participants experience first-hand the entire attack chain of a successful spear-phishing campaign, a real-world example of system compromise and exfiltration of sensitive information. High-profile attacks in which spear-phishing was used include the attack on RSA, HBGary Federal and Operation Aurora (the attack on Google).
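A Trojan that mails its loot out leaves a trace on the organization's own mail relay. The Python below is an added example, not course or vendor code: it correlates the `from=` and `to=` lines that sendmail writes for each message (tied together by the queue ID) in a constructed maillog excerpt, then picks out large messages to external recipients and ranks originating hosts by the volume they sent outside. The internal domain and the size threshold are assumptions.

```python
import re
from collections import defaultdict

INTERNAL_DOMAINS = {"corp.example"}   # assumption: the organization's own mail domains
LARGE_MESSAGE = 1_000_000             # assumption: bytes; tune to the environment

# Constructed sendmail maillog excerpt (not a real server's log). Sendmail logs
# one "from=" line and one "to=" line per message, linked by the queue ID.
MAILLOG = """\
Mar  1 11:00:01 mx01 sm-mta[4101]: v21B011a004101: from=<alice@corp.example>, size=8120, class=0, nrcpts=1, msgid=<a1@corp.example>, proto=ESMTP, daddr=10.1.1.25, relay=ws-alice.corp.example [10.1.5.20]
Mar  1 11:00:02 mx01 sm-mta[4102]: v21B011a004101: to=<bob@corp.example>, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=38120, dsn=2.0.0, stat=Sent
Mar  1 11:03:10 mx01 sm-mta[4110]: v21B03Aa004110: from=<jsmith@corp.example>, size=2310, class=0, nrcpts=1, msgid=<b2@corp.example>, proto=ESMTP, daddr=10.1.1.25, relay=ws042.corp.example [10.1.5.42]
Mar  1 11:03:11 mx01 sm-mta[4111]: v21B03Aa004110: to=<partner@vendor.example>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=32310, relay=mail.vendor.example. [203.0.113.5], dsn=2.0.0, stat=Sent
Mar  1 11:15:00 mx01 sm-mta[4120]: v21B0F0a004120: from=<jsmith@corp.example>, size=4812000, class=0, nrcpts=1, msgid=<c3@ws042>, proto=SMTP, daddr=10.1.1.25, relay=[10.1.5.42]
Mar  1 11:15:03 mx01 sm-mta[4121]: v21B0F0a004120: to=<dropbox7731@mail.example.net>, delay=00:00:03, xdelay=00:00:03, mailer=esmtp, pri=4842000, relay=mail.example.net. [198.51.100.9], dsn=2.0.0, stat=Sent
"""

LINE_RE = re.compile(r"sm-mta\[\d+\]: (?P<qid>\S+): (?P<fields>.+)$")
ADDR_RE = re.compile(r"<([^>]+)>")
RELAY_IP_RE = re.compile(r"\[([\d.]+)\]")


def parse_maillog(text):
    """Correlate sendmail's from= and to= lines by queue ID into one record per message."""
    msgs = defaultdict(lambda: {"qid": None, "from": None, "size": 0, "relay_ip": None, "to": []})
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        kv = dict(f.split("=", 1) for f in m["fields"].split(", ") if "=" in f)
        rec = msgs[m["qid"]]
        rec["qid"] = m["qid"]
        if "from" in kv:                      # envelope line: sender, size, originating host
            rec["from"] = ADDR_RE.search(kv["from"]).group(1)
            rec["size"] = int(kv.get("size", 0))
            ip = RELAY_IP_RE.search(kv.get("relay", ""))
            rec["relay_ip"] = ip.group(1) if ip else None
        if "to" in kv:                        # delivery line: one per recipient
            rec["to"].append(ADDR_RE.search(kv["to"]).group(1))
    return list(msgs.values())


def is_external(addr):
    return addr.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS


def exfil_candidates(messages, min_size=LARGE_MESSAGE):
    """Messages that left the organization and are big enough to carry files:
    the combination the scenario's Trojan produces when it mails its findings out."""
    return [m for m in messages
            if m["size"] >= min_size and any(is_external(t) for t in m["to"])]


def external_bytes_by_relay(messages):
    """Bytes sent to external recipients per originating host, to decide which
    workstation to pull first."""
    totals = defaultdict(int)
    for m in messages:
        if any(is_external(t) for t in m["to"]):
            totals[m["relay_ip"]] += m["size"]
    return dict(totals)


if __name__ == "__main__":
    msgs = parse_maillog(MAILLOG)
    for m in exfil_candidates(msgs):
        print("exfil candidate", m["qid"], m["from"], "->", m["to"], m["size"], "bytes from", m["relay_ip"])
    print("external bytes by host:", external_bytes_by_relay(msgs))
```

Two smaller signals in the constructed data are worth noticing as well: the suspicious message arrived with `proto=SMTP` rather than `ESMTP` and a bare IP as the relay, which is typical of malware speaking SMTP itself instead of going through the user's mail client.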


Course Name:

Web Defacement Training mission

Level: Intermediate

Duration: 4 hours

Type: Instructor-led online

Required Skills:

  • Linux log management

  • Apache web server

  • Firewall Management

  • SIEM Management and Analysis

Scenario Objectives:

  • Practicing Linux and Apache logging research and basic forensics

  • Gaining hands-on experience with Apache, SSH client, and Linux management tools

  • Gaining hands-on experience with an event of brute force and a web defacement attack

In this scenario, a brute-force attack is launched against the SSH daemon on an Apache web server. Once the attacker has guessed a valid credential, they deface the website with their own “hacked” version before being detected. Participants must first identify the attacker, then stop them from taking further action and correct the defacement in order to protect the company’s image.
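Both this scenario and the APACHE SHUTDOWN mission above start with the same event: a burst of failed SSH logins from one address followed by a success. The Python below is an added example, not course or vendor code, and serves both missions: it parses a constructed Debian-style `/var/log/auth.log` excerpt (the host, addresses and users are invented), flags an address as a brute force once enough failures fall inside a short window, and then reports any successful login from that address, which is the point where "attack in progress" becomes "account compromised". The threshold and window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed /var/log/auth.log excerpt (Debian-style sshd messages), not a real host's log.
FAILED_USERS = ["admin", "root", "test", "oracle", "ubuntu", "admin",
                "root", "www-data", "guest", "pi", "root", "www-data"]
AUTH_LOG = "\n".join(
    f"Mar  1 10:00:{i + 1:02d} web01 sshd[{2100 + i}]: Failed password for "
    f"{'invalid user ' if u not in ('root', 'www-data') else ''}{u} "
    f"from 198.51.100.77 port {51000 + i} ssh2"
    for i, u in enumerate(FAILED_USERS)
) + """
Mar  1 10:00:40 web01 sshd[2140]: Accepted password for www-data from 198.51.100.77 port 51040 ssh2
Mar  1 10:00:40 web01 sshd[2140]: pam_unix(sshd:session): session opened for user www-data by (uid=0)
Mar  1 10:05:00 web01 sshd[2200]: Accepted publickey for deploy from 10.1.5.7 port 40000 ssh2
"""

SSHD_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d+) (?P<clock>\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_sshd(text):
    """Yield (timestamp, result, method, user, ip) for each login-attempt line.
    Syslog timestamps carry no year, so strptime's default year is kept;
    only the differences between timestamps matter here."""
    for line in text.splitlines():
        m = SSHD_RE.match(line)
        if m:
            ts = datetime.strptime(f"{m['mon']} {m['day']} {m['clock']}", "%b %d %H:%M:%S")
            yield ts, m["result"], m["method"], m["user"], m["ip"]


def analyze_auth_log(text, threshold=10, window=timedelta(seconds=60)):
    """Per source IP: count failures, flag a brute force once `threshold`
    failures fall inside `window`, and record any successful login that came
    after a failure from that IP (the sign the guessing worked)."""
    report = {}
    for ts, result, method, user, ip in parse_sshd(text):
        r = report.setdefault(ip, {"failures": [], "brute_force": False,
                                    "users_tried": set(), "accepted": []})
        if result == "Failed":
            r["failures"].append(ts)
            r["users_tried"].add(user)
            recent = [t for t in r["failures"] if ts - t <= window]
            if len(recent) >= threshold:
                r["brute_force"] = True
        elif r["failures"]:
            r["accepted"].append((user, method, ts))   # success after failures
    return report


def compromised_accounts(report):
    """(ip, user) pairs where a brute force was followed by a successful login."""
    return [(ip, user) for ip, r in report.items() if r["brute_force"]
            for user, _method, _ts in r["accepted"]]


if __name__ == "__main__":
    rep = analyze_auth_log(AUTH_LOG)
    for ip, r in rep.items():
        print(ip, "failures:", len(r["failures"]), "brute force:", r["brute_force"],
              "users tried:", sorted(r["users_tried"]), "accepted:", r["accepted"])
    print("likely compromised:", compromised_accounts(rep))
```

The compromised pair tells you which account's activity to reconstruct next (`last`, the shell history and the modification times under the document root), and which credential to rotate before the attacker returns. The `www-data` login is doubly suspicious here: a service account normally has no interactive shell at all.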


Course Name:

KILLER TROJAN Training mission

Level: Intermediate

Duration: 4 hours

Type: Instructor-led online

Required Skills:

  • Windows forensics

  • Windows scripting

  • Firewall management

  • SIEM Management and Analysis

  • DC authentication

Scenario Objectives:

  • Practicing Windows logging research and advanced forensics

  • Gaining hands-on experience with Windows, Outlook client, and Firewall management tools

  • Gaining hands-on experience analyzing a spreading Trojan infection

In this scenario, a Trojan-infected CD-ROM is inserted into a Windows machine, and the malware is auto-run and loaded from the disc. Once inside, the Trojan connects back to a command-and-control server, from which commands to steal secret files and user information are issued. Participants learn to detect and contain the outbreak, control further spreading of the infected files, mitigate the data exfiltration, and confirm that the outbreak has been contained.


Course Name:

Java NMS Kill Training mission

Level: Intermediate

Duration: 4 hours

Type: Instructor-led online

Required Skills:

  • Linux log management

  • Firewall Management

  • HTML/Java knowledge

  • SIEM Management and Analysis

  • Linux forensics

Scenario Objectives:

  • Practicing Linux logging research and advanced forensics

  • Practicing reverse engineering and web and networking forensics

  • Gaining hands-on experience with a real-life social engineering attack that results in a massive denial of service (DoS)

The Java NMS scenario emulates a watering-hole attack: the attacker compromises a website the victims are known to visit, plants a Trojan horse there, and waits for a victim to perform the expected action of navigating to it. Participants apply advanced techniques in this complex attack to detect, analyze and stop the malicious code, minimize the attack surface and protect the organization from further compromise.


Course Name:

RANSOMWARE Training mission

Level: Advanced

Duration: 4 hours

Type: Instructor-led online

Required Skills:

  • Windows forensics

  • Firewall Management

  • Network forensics

  • MySQL database

  • EndPoint Protection

  • Reverse engineering

Scenario Objectives:

  • Practicing Windows and MySQL server logging research and basic forensics

  • Gaining hands-on experience with McAfee EPO and new policy deployment

  • Gaining hands-on experience with a Ransomware event

In this scenario, an unsuspecting employee opens a legitimate-looking email from a trusted source with an attached document. Within minutes of opening the attachment the user’s system has been compromised, and an ominous message demands a transfer of bitcoin to unlock it. Participants must contain the incident and learn proper handling and response techniques in order to solve the case and save the organization from a complete lockdown.
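The containment clock starts with the first detectable symptom, and on a file share that symptom is one user rewriting and renaming many files in many folders within seconds. The Python below is an added example, not course or vendor code: it runs that rule over a constructed file-server audit trail (users, hosts, paths and timings are invented), distinguishes the burst from a benign batch job, and names the workstation to cut off first. The window, file count and directory count thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Constructed file-share audit events, not from a real server:
# (timestamp, user, workstation, operation, path, new_path_or_None)
BASE = datetime(2017, 3, 1, 9, 30, 0)
EVENTS = []
# A build job: 5 writes by "deploy" into one directory over a minute (benign).
for i in range(5):
    EVENTS.append((BASE + timedelta(seconds=12 * i), "deploy", "BUILD01", "write",
                   str(PureWindowsPath(r"\\fs01\releases\v2.1") / f"pkg{i}.zip"), None))
# Ransomware on jsmith's workstation: every reachable document is rewritten and
# renamed with a new extension, across several folders, in under 30 seconds.
FOLDERS = [r"finance\2016", r"finance\2017", r"hr\contracts", r"legal", r"sales\q1"]
for i in range(60):
    src = str(PureWindowsPath(r"\\fs01\shared") / FOLDERS[i % len(FOLDERS)] / f"doc{i}.docx")
    t = BASE + timedelta(minutes=20, milliseconds=400 * i)
    EVENTS.append((t, "jsmith", "WS042", "write", src, None))
    EVENTS.append((t + timedelta(milliseconds=100), "jsmith", "WS042", "rename", src, src + ".locked"))


def ransomware_alerts(events, window=timedelta(seconds=60), min_files=25, min_dirs=3):
    """Slide a window over each (user, workstation)'s rename events. Alert when,
    inside the window, at least `min_files` distinct files were renamed to the
    same new extension across at least `min_dirs` directories. Returns
    {(user, workstation): {"files": n, "dirs": n, "extension": ext, "first": ts}}."""
    per_user = defaultdict(list)
    for ts, user, host, op, path, new_path in events:
        if op == "rename" and new_path:
            per_user[(user, host)].append((ts, path, PureWindowsPath(new_path).suffix))
    alerts = {}
    for key, renames in per_user.items():
        renames.sort()
        lo = 0
        for hi in range(len(renames)):
            while renames[hi][0] - renames[lo][0] > window:
                lo += 1
            span = renames[lo:hi + 1]
            by_ext = defaultdict(set)
            for _ts, path, ext in span:
                by_ext[ext].add(path)
            for ext, paths in by_ext.items():
                dirs = {str(PureWindowsPath(p).parent) for p in paths}
                if len(paths) >= min_files and len(dirs) >= min_dirs:
                    cur = alerts.get(key)
                    if cur is None or len(paths) > cur["files"]:
                        alerts[key] = {"files": len(paths), "dirs": len(dirs),
                                       "extension": ext, "first": span[0][0]}
    return alerts


def hosts_to_isolate(alerts):
    """Workstations named in alerts: the first containment step is to cut them off the share."""
    return sorted({host for (_user, host) in alerts})


if __name__ == "__main__":
    found = ransomware_alerts(EVENTS)
    for (user, host), a in found.items():
        print(f"{user}@{host}: {a['files']} files -> {a['extension']} in {a['dirs']} dirs, "
              f"starting {a['first']:%H:%M:%S}")
    print("isolate:", hosts_to_isolate(found))
```

Keying on a common new extension plus directory spread is what keeps the build job quiet: it writes many files, but it renames nothing and stays in one folder. The same rule, pointed at Windows object-access audit events or an endpoint product's file telemetry, is a reasonable first SIEM detection for the scenario, and the `first` timestamp bounds which files may still have a clean copy in the previous backup or volume snapshot.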


Course Name:

WMI WORM Training mission

Level: Advanced

Duration: 4 hours

Type: Instructor-led online

Required Skills:

  • Windows forensics

  • Firewall Management

  • Network forensics

  • .NET reverse engineering

Scenario Objectives:

  • Practicing advanced Windows and network forensic techniques

  • Practicing anti-forensics evasion attempts

  • Gaining hands-on experience with .NET framework reverse engineering

Participants in this scenario face a worm outbreak in the internal network first-hand. Company-wide panic ensues as participants work quickly to analyze the attack flow, use forensic tools and perform basic malware analysis and reverse engineering in order to mitigate the threat. The attack simulates the characteristics of a modern botnet and focuses on developing the trainees’ real-time response capabilities.


Course Name:

DB Dump via FTP Exploit Training mission

Level: Advanced

Duration: 4 hours

Type: Instructor-led online

Required Skills:

  • Linux log management

  • File Transfer Protocol (FTP) Server management

  • MSSQL Server management

  • Firewall Management

  • SIEM management and Analysis

Scenario Objectives:

  • Practicing Linux logging and MSSQL server logging research and basic forensics

  • Gaining hands-on experience with FTP server and Linux management tools

  • Gaining hands-on experience with a data leakage event

This scenario demonstrates how a sophisticated attacker, pivoting through multiple systems, circumvents numerous security mechanisms to reach network segments that are otherwise unreachable. Participants use advanced detection and prevention techniques to mitigate the scenario before significant data is exfiltrated from the environment.


Course Name:

JAVA SEND MAIL Training mission

Level: Advanced

Duration: 4 hours

Type: Instructor-led online

Required Skills:

  • Linux log management

  • Firewall Management

  • HTML/Java knowledge

  • SIEM Management and Analysis

  • Linux forensics

Scenario Objectives:

  • Practicing Linux logging research and advanced forensics

  • Practicing reverse engineering and web and networking forensics

  • Gaining hands-on experience with real-life social engineering attacks that result in data leakage

Similar to Java NMS Kill, this scenario emulates a watering-hole attack in which the attacker compromises a website the victim is known to visit and waits. Once the victim performs the expected action of navigating to the infected site, a Trojan horse executes and lets the attacker “eavesdrop” on all messages within the organization. Participants apply advanced analysis techniques in this complex attack to detect, analyze and stop the malicious code, minimize the attack surface and protect the organization from further compromise.


Course Name:

TROJAN SHARE PRIVILEGE ESCALATION Training mission

Level: Advanced

Duration: 4 hours

Type: Instructor-led online

Required Skills:

  • Windows forensics

  • Firewall Management

  • SIEM Management and Analytics

  • MSSQL Server management

  • IIS server logs

Scenario Objectives:

  • Practicing Windows logging research and advanced forensics

  • Gaining hands-on experience with Windows, MSSQL server and firewall management

  • Understanding attack logic, data obfuscation and attacker objectives

This scenario begins with a phishing attack in which an unsuspecting employee receives a Trojan-infected email that appears to come from a legitimate source. The Trojan executes with the user’s privileges only, so the attacker must find a path to privilege escalation. In this complex attack, participants use advanced detection and prevention techniques to mitigate the scenario before significant data is exfiltrated from the environment.


Course Name:

WPAD MAN IN THE MIDDLE Training mission

Level: Advanced

Duration: 4 hours

Type: Instructor-led online

Required Skills:

  • Windows forensics

  • Firewall Management

  • Network forensics

  • DNS, ICMP protocols

  • Packet sniffers

Scenario Objectives:

  • Practicing deep packet inspection

  • Practicing networking forensics

  • Practicing proxy configurations

  • Gaining hands-on experience with a Man-in-the-Middle attack

In this scenario, a man-in-the-middle (MitM) attack is executed on the network: the attacker answers the victims’ Web Proxy Auto-Discovery (WPAD) lookups and impersonates a legitimate proxy in the segment, so that the deceived hosts route their web traffic through the attacker. In this complex scenario, participants use advanced detection and prevention techniques to mitigate the attack before significant data is exfiltrated and the organization is left more exposed.
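WPAD is attackable because, when the corporate DNS has no `wpad` record, clients that fall back to LLMNR or NetBIOS name resolution will accept an answer from any host on the segment, then fetch `http://<that host>/wpad.dat` and obey the proxy it names. The Python below is an added example, not course or vendor code: it applies that rule to a constructed set of name-resolution observations from a segment sensor (addresses and names are invented), flags every host that answered a WPAD lookup it had no business answering, and lists the clients whose browsers will now talk to the rogue proxy. The authorized DNS server and sanctioned proxy sets are assumptions.

```python
from collections import defaultdict

# Constructed name-resolution observations (not real traffic):
# (time_s, protocol, client_ip, query_name, responder_ip, answer_ip)
# answer_ip is None when the query got no usable answer (e.g. NXDOMAIN).
OBSERVED = [
    (0.0, "DNS", "10.1.5.20", "wpad.corp.example", "10.1.1.53", None),       # real DNS: no record
    (0.1, "LLMNR", "10.1.5.20", "wpad", "10.1.5.99", "10.1.5.99"),          # a LAN host claims "wpad"
    (0.2, "NBNS", "10.1.5.20", "WPAD", "10.1.5.99", "10.1.5.99"),
    (5.0, "DNS", "10.1.5.21", "wpad.corp.example", "10.1.1.53", None),
    (5.1, "LLMNR", "10.1.5.21", "wpad", "10.1.5.99", "10.1.5.99"),
    (9.0, "DNS", "10.1.5.22", "intranet.corp.example", "10.1.1.53", "10.1.1.80"),
    (12.0, "DNS", "10.1.6.30", "wpad.corp.example", "10.1.1.53", "10.1.1.81"),  # sanctioned record
    (12.1, "LLMNR", "10.1.6.30", "fileserver", "10.1.6.5", "10.1.6.5"),        # unrelated LLMNR answer
]

AUTHORIZED_DNS = {"10.1.1.53"}       # assumption: the organization's DNS servers
SANCTIONED_PROXIES = {"10.1.1.81"}   # assumption: hosts allowed to serve wpad.dat


def rogue_wpad_alerts(observations, authorized_dns=AUTHORIZED_DNS, sanctioned=SANCTIONED_PROXIES):
    """Return {responder_ip: {"victims": set, "protocols": set, "count": n}} for
    every host that answered a WPAD lookup it should not have: any LLMNR/NBNS
    answer for "wpad" at all, or a DNS answer for a wpad name that came from an
    unauthorized server or points at an unsanctioned proxy."""
    alerts = defaultdict(lambda: {"victims": set(), "protocols": set(), "count": 0})
    for _ts, proto, client, name, responder, answer in observations:
        if answer is None or not name.lower().startswith("wpad"):
            continue
        if proto in ("LLMNR", "NBNS"):
            rogue = True            # WPAD must never be resolved by a peer on the segment
        elif proto == "DNS":
            rogue = responder not in authorized_dns or answer not in sanctioned
        else:
            rogue = False
        if rogue:
            a = alerts[responder]
            a["victims"].add(client)
            a["protocols"].add(proto)
            a["count"] += 1
    return dict(alerts)


def pac_fetches_to_expect(alerts):
    """For each rogue responder, the PAC URL its victims' browsers will request
    next, with the victim list: a concrete search term for proxy and firewall
    logs to confirm which clients actually took the bait."""
    return {f"http://{responder}/wpad.dat": sorted(a["victims"])
            for responder, a in alerts.items()}


if __name__ == "__main__":
    found = rogue_wpad_alerts(OBSERVED)
    for responder, a in found.items():
        print(f"rogue WPAD responder {responder}: {a['count']} answers over "
              f"{sorted(a['protocols'])} to {sorted(a['victims'])}")
    print(pac_fetches_to_expect(found))
```

The fix that removes the attack surface is the one the rule implies: publish a `wpad` record (or disable proxy auto-detection) so clients never fall back to LLMNR/NetBIOS, and disable those two protocols on the segment so that no peer can answer name queries in the first place.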