Cyber Combat Tokyo
Cyber Combat is a live event where teams of network security professionals compete to be the sole victor in a digital arena created by Ixia – think of it as Iron Chef for hackers, with a twist. Each team has a red (offensive) and blue (defensive) player, with the winner being determined by who was able to simultaneously most pwn the opponent while best defending against pwnage of their own resources. Ixia Cyber Combat Tokyo was not just a training session; it was a live battle between top security professionals.
The warm-up was a series of technical classes on Day 1 and Day 2. Much like at a shooting range, where you are first made to disassemble, clean, lube and reassemble the firearm, tensions were high and everyone was eager to get to the practical stage.
We had 16 teams, each with a blue and a red member, for a total of 32 cyber warriors. To succeed in the competition, Red Team players needed to leverage the latest and greatest techniques in network infiltration, data mining, and exfiltration, going after a mix of Windows and Linux servers. Blue Team players raced the clock to quickly identify ongoing attacks, harden their servers, tune security infrastructure, and even root out attackers inside the networks they were protecting, with little more than SIEM and firewall logs to help.
Red Team Scenarios
- Discovering, enumerating, and infiltrating Windows and Linux servers defended by a Fortinet firewall
- Exfiltrating and cracking salted, hashed passwords stored in databases
- Searching penetrated machines for valuable data hidden via steganography
- Combing through metadata for breadcrumbs of valuable information
- Writing custom scripts to unlock data
Blue Team Scenarios
- Monitoring SIEM (Security Information and Event Management) and Fortinet firewall logs for ongoing attacks
- Modifying configurations to thwart attackers
- Examining network traffic and correlating events to discover and stop coordinated attacks
One of the keys to the success of the US military in the field has been the practice of not only training a lot, but making that training as close as possible to the real thing. Cyber security is little different. The sad reality is that you are going to get breached, and when this happens it is going to be hard on everyone in corporate security and IT. There will be confusion, stress and panic. One way of preparing for the inevitable is to train on a cyber range. When it was all said and done, infosec practitioners from business, enterprise, technology and other markets were all able to go home and, regardless of who lost and who won, everyone not only had a great time but also learned a lot about security, themselves and their teammates.
Until the next round...
By the way, October is National Cyber Security Awareness Month. Check out other NCSAM 2018 posts here.