Automated red teaming for cyber range-based training

Cyber Range, Trainings, Automated Red Teaming, Scenario Generation

DAP/22-13

Active

Defence Funded Research

August 2024 to August 2028

49 months

Robbe Louwet

Our corporate information networks and systems are actively targeted by threat sources on a daily basis. Detecting incidents and responding to them requires a very specific set of knowledge, skills, and abilities (KSA). Furthermore, our operational networks and systems are also the target of attacks, so the operators and support staff of our command and control systems, weapon platforms, etc., also need to develop the KSA necessary to operate and maintain these systems in a hybrid threat situation.

Developing the cyber-related KSA required for each role in the organization, whether it is a cybersecurity-related role or not, typically requires hands-on training on a cyber range. To develop adequate mental models, the training scenarios used must be sufficiently realistic, and therefore end up being inevitably complex to implement and execute.

Running a training scenario on a cyber range currently requires cyber experts to play the role of the attackers; these are referred to as the “red team”. Given the limited number of cyber experts available, this approach unfortunately does not scale well.

Given that the success of our operations increasingly depends on our ability to guarantee information assurance, while the cyber threat constantly increases, the need for cyber range-based training for different types of personnel will only grow. That is why we need to be able to run training scenarios on a cyber range without generating an excessive load on our cyber experts.

The goal of this project is to develop an automated red teaming solution. This will make it possible to organize an ambitious hands-on cyber training program without placing an excessive load on the expert cyber training staff.

Automated red teaming will not only make it possible to organize a larger number of training sessions, it will also result in repeatable red team performance, which is important for evaluating and possibly certifying skills.

The project will produce a number of deliverables:

  • a scenario definition language that makes it possible to define a training scenario in such a way that it can be automatically orchestrated
  • scenario orchestrator software that executes a scenario in a training environment
  • a report that provides an overview of the state of the art in cyber attack scenario orchestration

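
To make concrete what a scenario that "can be automatically orchestrated" involves, here is an added illustration in Python. It is not the project's scenario language or orchestrator (those are deliverables still to be produced); the JSON schema, the step types (scan, email, exec), the function names and the sample scenario are all assumptions made for this example. It validates the definition (unknown dependencies, duplicate ids, cycles), computes a deterministic execution order, and produces a replayable log, with a seeded random dwell time standing in for attacker pacing and with failure propagation to dependent steps.

```python
"""Minimal scenario definition and orchestrator for a cyber range.

Added illustration, not the project's deliverables: the JSON schema below,
the step types and every function name are assumptions. It shows the three
properties an automatically orchestrable scenario needs: explicit step
dependencies, a deterministic execution order, and a replayable log.
"""
from __future__ import annotations

import json
import random
from typing import Callable

# Constructed sample scenario (hypothetical schema). Each step declares the
# steps it depends on ("needs"), an action type and that action's arguments.
SCENARIO_JSON = """
{
  "name": "phishing-to-lateral-movement",
  "seed": 1234,
  "steps": [
    {"id": "recon",    "needs": [],                    "action": "scan",  "args": {"target": "10.0.0.0/24"}},
    {"id": "phish",    "needs": ["recon"],             "action": "email", "args": {"to": "user@corp.lab"}},
    {"id": "foothold", "needs": ["phish"],             "action": "exec",  "args": {"host": "ws01"}},
    {"id": "lateral",  "needs": ["foothold", "recon"], "action": "exec",  "args": {"host": "srv01"}}
  ]
}
"""

# Action types the dry-run executor understands (assumed set).
KNOWN_ACTIONS = {"scan", "email", "exec"}


def load_scenario(text: str) -> dict:
    """Parse a scenario and reject duplicate ids and dangling dependencies."""
    scenario = json.loads(text)
    ids = [s["id"] for s in scenario["steps"]]
    if len(ids) != len(set(ids)):
        raise ValueError("duplicate step ids")
    known = set(ids)
    for s in scenario["steps"]:
        missing = set(s["needs"]) - known
        if missing:
            raise ValueError(f"step {s['id']} needs unknown steps {sorted(missing)}")
    return scenario


def order_steps(scenario: dict) -> list[str]:
    """Topological order (Kahn's algorithm), ties broken by id so the order is
    the same on every run; raises on a dependency cycle."""
    steps = {s["id"]: s for s in scenario["steps"]}
    indeg = {i: len(s["needs"]) for i, s in steps.items()}
    dependents: dict[str, list[str]] = {i: [] for i in steps}
    for i, s in steps.items():
        for dep in s["needs"]:
            dependents[dep].append(i)
    ready = sorted(i for i, n in indeg.items() if n == 0)
    order: list[str] = []
    while ready:
        cur = ready.pop(0)
        order.append(cur)
        for nxt in dependents[cur]:
            indeg[nxt] -= 1
            if indeg[nxt] == 0:
                ready.append(nxt)
        ready.sort()
    if len(order) != len(steps):
        raise ValueError("cycle in scenario dependencies")
    return order


def dry_run_executor(action: str, args: dict) -> bool:
    """Stand-in for the component that drives attack tooling in the range:
    accepts known action types without touching anything."""
    return action in KNOWN_ACTIONS


def run_scenario(scenario: dict, executor: Callable[[str, dict], bool]) -> list[dict]:
    """Execute steps in dependency order and return the execution log.

    The attacker's dwell time between steps is drawn from an RNG seeded by
    the scenario, so two runs of the same scenario produce the same log,
    which is what makes trainee performance comparable across sessions.
    A failed step causes every step depending on it to be skipped.
    """
    rng = random.Random(scenario["seed"])
    steps = {s["id"]: s for s in scenario["steps"]}
    done: set[str] = set()
    log: list[dict] = []
    for sid in order_steps(scenario):
        step = steps[sid]
        if not all(dep in done for dep in step["needs"]):
            log.append({"step": sid, "status": "skipped", "reason": "dependency failed"})
            continue
        dwell_s = rng.randint(1, 30)  # seconds; placeholder for realistic attacker pacing
        ok = executor(step["action"], step["args"])
        log.append({"step": sid, "action": step["action"], "dwell_s": dwell_s,
                    "status": "ok" if ok else "failed"})
        if ok:
            done.add(sid)
    return log


if __name__ == "__main__":
    for entry in run_scenario(load_scenario(SCENARIO_JSON), dry_run_executor):
        print(entry)
```

Running the file prints the log of the sample scenario; running it twice gives identical logs, which is the repeatability property the project needs for evaluation and certification. Swapping dry_run_executor for one that drives real tooling in the range is where the environment-specific work would go, and the validation in load_scenario and order_steps is what keeps a badly written scenario from being launched against a live training network.
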
A light NAT router and DHCP server with Alpine Linux

Cyber Range, Sysadmin, Cyrange

Alpine Linux is a very light Linux distribution that can run with less than 100 MB of hard disk space. Here is how to configure Alpine Linux to run as a NAT router and DHCP server.

Orchestration script to simulate user activity on multiple machines thanks to the GHOSTS framework

Offensive Security, Cyber Range

The GHOSTS Framework is an open-source project created by Dustin Updyke, a cybersecurity researcher at Carnegie Mellon University. It is a framework that offers a way to simulate user activity, usually for cyber awareness training or research in the field of cyber defense.

Cyrange : firewall configuration

Cyrange, Cyber Range

The cyrange Cyber Range is composed of multiple Docker containers. After installation, here is how to configure your firewall to allow communication between the different components...

Create your own VM image for the Cyber Range

Cyrange, Cyber Range

cyrange is a Cyber Range platform built on top of VirtualBox. It brings some additional features to support education and training:
