The Red versus Blue exercise is a customized, six to eight-hour, Cyber Range exercise hosted on ManTech’s Advanced Cyber Range Environment (ACRE). Led by expert cyber security engineers, the exercise can be executed in a classroom and remotely. In this exercise, a Master Scenario Events List (MSEL) is followed, which describes the red attack and execution time. The MSEL consists of such attacks as Business Email Compromise (BEC), SQL injection, Advanced Persistent Threat (APT), Data Ex-filtration, Privilege Escalation, and DoS. It is possible to customize the environment with the customer’s choice of tools. Red vs blue activity can also be customized. The ACRE team can simulate the red team actions, or supplement blue team or white team actions. This exercise uses a hands-on keyboard approach to create realistic technical training and management interaction opportunities where participants respond to and report events as identified. Participants are encouraged to view the simulated attack as if it were happening to their institutions in real time, and asked to share what they have done or would do based on the facts provided. Range-based exercises such as this help institutions better understand the impact of an attack and prompt them to improve ways in which their network defenders respond, communicate, request assistance, and recover from real-world cyber attacks. Institutions that have participated in this exercise have benefited directly by building greater interaction with their security community, as well as increasing capability maturity levels and resiliency across their specific customer sector.
Ideal Candidates for Red versus Blue Exercise Class
Expert Cyber Security Analysts wishing to update their hands-on skills.
Red versus Blue Exercise Prerequisites
Technical experience in:
- Incident Response
- Security Operations
- Cyber Forensics
- Threat Hunting
- Ethical Hacking
- Debugging
- Ethical Hacking
What You'll Get in Red versus Blue Exercise
What You'll Learn in Red versus Blue Exercise
Phase 1: Intel Report of Compromised Executive EmailPhase 2: Active Campaign
Phase 3: Hotwash/After Action Review.
Red versus Blue Exercise Certification
No certification test available for this course.
Red versus Blue Exercise Outline
Phase 1: Intel Report of Compromised Executive Email- Pre-staged APT within target environments (“Easter egg” for discovery)
- Participants receive report that Executive Email is compromised
- Begins Blue hunt, hardening & remediation activity
- Business Email Compromise
- Web Application attacks (SQL Injection, XSS, LFI, RFI, etc)
- Data Exfiltration
- Additional Destructive APT actions (DDoS, File Encryption, Logic Bombs, etc)
- Blue Teams present briefings describing campaign sequence and impact, attempts to remediate, and effectiveness of remediation.
- Red Team reveals integrated campaign from start to finish and discusses effectiveness of various Blue Team techniques.
Testimonials
This course is definitely an eye opener. With how much social media has taken over, it is important to be fully aware of the capabilities along with all the risks it brings. It is important to get this course because social media is the new norm.
The Social Media and Security Training course offered by UKI is a great and beneficial course combining technical training to fully understand TCP IP networking, DNS, and the harms of malware and cross-site scripting; as well as practical training that allowed attendees to play with open source social intelligence gathering solutions. This is the perfect class for those involved in IT security and interested in social media and identity theft.
Top Related Courses
The Ransomware exercise is a customized, six-hour, live fire Cyber Range training exercise hosted on ACRE. This exercise is led by expert cyber security engineers and can be executed in a classroom as well as remotely. In this exercise, a ransomware-based attack (i.e., “WannaKry”) is launched via a malicious spear phishing originated compromise. This exercise includes a hands-on keyboard interface, which creates realistic technical training and management interaction opportunities. This exercise is not simulated – it is real malware, detonated in representative network enviroment. Participants are encouraged to view the attack as if it were happening to their institutions in real time, and asked to share what they have done or would do based on the facts provided. Such “range-based” exercises help institutions better understand the impact of an attack and prompt them to improve the ways in which their network defenders respond, communicate, request assistance, and recover from real-world cyber attacks. Institutions that have participated in this exercise have benefited directly by building greater interaction with their security community, as well as increasing capability maturity levels and resiliency across their specific customer sector.
The Cloud Leak exercise is a customized, six-hour, Cyber Range exercise hosted on ManTech’s ACRE® cyber range. This exercise is led by technical instructors and expert cybersecurity engineers and can accommodate 10 to 50 participants in a classroom or remotely. In this exercise, an attack on a cloud-hosted storage service is simulated. Participants are given the following scenario: A major media outlet has contacted bank.com media relations asking for a statement about the discovery that thousands of bank.com customer credit card numbers were obtained through a breach of a cloud storage service. Bank.com is unaware of any such breach. The CEO has requested an immediate investigation into the breach. Participants must determine how the cloud storage site was compromised and the extent of the intrusion, including the types of data exposed and any further infiltration of bank.com’s network. This exercise uses a hands-on keyboard approach to create realistic technical training and management interaction opportunities where participants respond to and report events as identified. Participants are encouraged to view the attack as if it were happening to their institutions in real time. Participants are asked to share what they have done or would do based on the facts provided.
CompTIA's Cybersecurity Analyst (CSA+) training from UKI teaches students to apply behavioral analytics to improve the overall state of IT security, providing critical knowledge and skills that are required to prevent, detect and combat cybersecurity threats.
Vendor Details
Mantech
ManTech advances customer success by delivering unique best value solutions, consulting services, and technologies that meet their mission-critical needs anytime and anywhere.
A. Erlich
RITSC, N6CI just wanted to say your presentation on Social Media Technology and Security was the finest I have ever attended.