Our corporate information networks and systems are being actively targeted by threat sources on a daily basis. Detecting incidents and responding to them requires a very specific set of knowledge, skills, and abilities (KSA). Furthermore, our operational network and systems are also the target of attacks, and therefore the operators and the support staff of our command and control systems, weapon platforms, etc., also need to develop the necessary KSA to operate and maintain these systems in a hybrid threat situation.
Developing the cyber-related KSA that are required for each role in the organization, whether it is a cybersecurity-related role or not, typically requires hands-on training on a cyber range. In order to develop adequate mental models, the training scenarios that are used must be sufficiently realistic and therefore end up being inevitably complex to implement and execute.
Running a training scenario on a cyber range currently requires cyber experts to play the role of the attackers. These are referred to as the “red team”. Given the limited number of cyber experts that are available, this solution unfortunately does not scale very well.
The success of our operations increasingly depends on our ability to guarantee information assurance, while the cyber threat constantly increases. The need for cyber-range-based training for different types of personnel will therefore only increase. That is why we need to be able to run training scenarios on a cyber range without generating an excessive load on our cyber experts.
The goal of this project is to develop an automated red teaming solution. This will make it possible to organize an ambitious hands-on cyber training program without creating an excessive load on the expert cyber training staff.
Not only will automated red teaming make it possible to organize larger numbers of training sessions but it will also result in repeatable red team performance, which is important for evaluating and possibly certifying skills.
The project will produce a number of deliverables:
Alpine Linux is a very light Linux distribution that can run with less than 100 MB of hard disk space. Here is how to configure Alpine Linux to run as a NAT router and DHCP server.
The GHOSTS Framework is an open-source project created by Dustin Updyke, a cybersecurity researcher from Carnegie Mellon University. It is a framework that offers a way to simulate user activity, usually for cyber awareness training or research in the field of cyber defense.