Level: Advanced

Cloud Leak Exercise - Cyber Range

1 Day | Instructor Led

The Cloud Leak exercise is a customized, six-hour, Cyber Range exercise hosted on ManTech’s ACRE® cyber range. This exercise is led by technical instructors and expert cybersecurity engineers and can accommodate 10 to 50 participants in a classroom or remotely. In this exercise, an attack on a cloud-hosted storage service is simulated. Participants are given the following scenario: A major media outlet has contacted media relations asking for a statement about the discovery that thousands of customer credit card numbers were obtained through a breach of a cloud storage service. is unaware of any such breach. The CEO has requested an immediate investigation into the breach. Participants must determine how the cloud storage site was compromised and the extent of the intrusion, including the types of data exposed and any further infiltration of’s network. This exercise uses a hands-on keyboard approach to create realistic technical training and management interaction opportunities where participants respond to and report events as identified. Participants are encouraged to view the attack as if it were happening to their institutions in real time. Participants are asked to share what they have done or would do based on the facts provided.

Inquire About:
Cloud Leak Exercise - Cyber Range

Ideal Candidates for Cloud Leak Exercise - Cyber Range Class

Beginner, Intermediate, and Expert Cyber Security Analyst wishing to update their hands-on skills.

Cloud Leak Exercise - Cyber Range Prerequisites

Experience in the following areas: Windows 2008 R2, Windows 10, OPNsense, Security Onion, VyOS and Exchange 2010.

What You'll Get in Cloud Leak Exercise - Cyber Range

What You'll Learn in Cloud Leak Exercise - Cyber Range

Participants will learn how to:
• Identify techniques used to compromise cloud and other
network services.
• Determine the extent of a network intrusion campaign.
• Capture, preserve and recover network and host-based
artifacts from an attack on cloud storage.
• Identify the steps needed to secure a cloud storage site and
the enterprise network following intrusion.
• Document and report the source and extent of a
compromise along with recommendations for hardening the
network against attack and better data hygiene practices.

No Certification Test Available For This Course

No Certification Test Available For This Course

Cloud Leak Exercise - Cyber Range Outline

Phase 1 – Cloud Storage Investigation: Participants will be introduced to the environment, and the potential threat posed by the adversary. They will work to capture and preserve artifacts from an attack on a cloud storage service. This information will be used to determine the origin and extent of the attack. Phase 1 Objectives: •Identify method(s) used to compromise the cloud storage service. •Extract tools and files left behind by the attacker if possible. •Identify the types and locations of data potentially compromised in the attack.Phase 2 – Enterprise Network Compromise Investigation: Participants will use tools to capture, preserve and recover network and host-based artifacts from the attack to determine if/how the enterprise network was compromised as part of this attack. The information obtained during this phase should provide a clear picture of how the adversary attempted/successfully pivoted from the cloud storage site to the enterprise network. Phase 2 Objectives: •Identify all systems compromised in the attack. •Identify the methods used to compromise each affected system. •Identify tools used to compromise the network. •Extract samples of tools or malware left on the network if possible. •Identify any persistent adversary activity in the network.Phase 3 – Briefing of Findings: Participants will be given time to integrate the evidence gathered in Phase 1 and Phase 2 and compose a detailed report of the attack, which will then be briefed to the larger group. This report should address the objectives listed below. Phase 3 Objectives: •Provide a description of how the attacker was able to gain access to the cloud storage site. •Identify the types of data compromised in the attack. •Provide specific instructions to recover from the compromise. •Provide recommendations for organization-wide changes that would limit the impact of future compromises of cloud storage.Phase 4 – Hot Wash: A Red Team member provides the “Attacker Point of View” detailing the different methods used in the attack to encourage discussion about what might have been missed and what can be learned and improved upon. Phase 4 Objectives: •Discuss ways to better identify and protect against this type of attack. •Relate the lessons learned to what can be implemented within the institution’s own environments.


A. Erlich


I just wanted to say your presentation on Social Media Technology and Security was the finest I have ever attended.

Wilder Guerra

US Navy Reserve

This course is definitely an eye opener. With how much social media has taken over, it is important to be fully aware of the capabilities along with all the risks it brings. It is important to get this course because social media is the new norm.

Rebekah Coughlin


The Social Media and Security Training course offered by UKI is a great and beneficial course combining technical training to fully understand TCP IP networking, DNS, and the harms of malware and cross-site scripting; as well as practical training that allowed attendees to play with open source social intelligence gathering solutions. This is the perfect class for those involved in IT security and interested in social media and identity theft.

Top Related Courses

The Ransomware exercise is a customized, six-hour, live fire Cyber Range training exercise hosted on ACRE. This exercise is led by expert cyber security engineers and can be executed in a classroom as well as remotely. In this exercise, a ransomware-based attack (i.e., “WannaKry”) is launched via a malicious spear phishing originated compromise. This exercise includes a hands-on keyboard interface, which creates realistic technical training and management interaction opportunities. This exercise is not simulated – it is real malware, detonated in representative network enviroment. Participants are encouraged to view the attack as if it were happening to their institutions in real time, and asked to share what they have done or would do based on the facts provided. Such “range-based” exercises help institutions better understand the impact of an attack and prompt them to improve the ways in which their network defenders respond, communicate, request assistance, and recover from real-world cyber attacks. Institutions that have participated in this exercise have benefited directly by building greater interaction with their security community, as well as increasing capability maturity levels and resiliency across their specific customer sector.

CompTIA's Cybersecurity Analyst (CSA+) training from UKI teaches students to apply behavioral analytics to improve the overall state of IT security, providing critical knowledge and skills that are required to prevent, detect and combat cybersecurity threats.

In this course, you will learn how to install, configure, and manage Exchange Server 2016, as well how to manage mail recipients and public folders, including how to perform bulk operations using Exchange Management Shell. You will also learn how to manage client connectivity, message transport and hygiene, implement and manage highly available Exchange Server deployments, as well as implement back up and disaster recovery solutions. The course also teaches students how to maintain and monitor an Exchange Server 2016 deployment. In addition, students will learn how to administer Exchange Online in an Office 365 deployment.

© 2019 Ultimate Knowledge Insitute | All Rights Reserved
GSA# GS-35F-0469W