CERT Games 2016
June 2016 Security Training Program in Strasbourg, France
Date
29 June 2016 - 1 July 2016
Location
Centre de culture numérique - Université de Strasbourg
http://osm.org/go/0DOBNnTwC?m=
Sponsors
RENATER, CESNET, Université de Strasbourg
Video
Instructors
- Aleš PADRTA, head of FLAB, CESNET CERTS, CESNET
- Jean BENOIT, CERT OSIRIS - Université de Strasbourg
- Paweł WEŻGOWIEC, COMCERT.PL
- Dawid OSOJCA, COMCERT.PL
- Marcin DUDEK, COMCERT.PL
Training material
forensic-training Git Repository
Attendance
45 participants from 8 European countries
Credits
Without those people, this event would not have been possible. Many thanks to:
- Guilhem Borghesi, Magali Daujat, Jean Benoit from the CERT OSIRIS
- Fabienne, Ikram, Simon, Lova, Jennifer, Virgile from the Direction Informatique, Université de Strasbourg
- Michelle Danho, Vanessa Pierné, Jean-François Guezou from RENATER
- Mirosław Maj, Paweł Weżgowiec, Dawid Osojca, Marcin Dudek, Michal Przybylski from Cybersecurity Foundation & COMCERT.pl
- Aleš Padrta and Andrea Kropacová from CESNET
And many thanks to all the participants!
About the training
Defend yourself against hacker attacks and recover from an incident in a 3 days of fun, hands-on training!
Training objectives
In a learning set-up designed by experts in the field, the participant work in team and practice different security skills, gaining an enlightening experience in the process.
During the event, two different hands-on trainings were played :
- CERT Games (2 days): detecting, understanding and reacting to live vulnerability exploitation on a dedicated infrastructure,
- Forensics training (1 day): collecting and analysing data to reconstruct the timeline of an attack.
Participants ?
Academic Network and System Administrators
IT systems administrators IT security incident responder
The workshop included
detecting attacks targeting the infrastructure the participants must protect detecting configuration and services vulnerabilities analysing log and network traffic system hardening learning basic forensics techniques analysing a compromised system
Required from participants
Basic knowledge of Linux systems administration (workshop aims at protection of Linux systems) knowledge of network protocols, and the ability to analyze network traffic basic knowledge of IT security ability to analyse logs of the popular services basic understanding of unix file system structure
Expected from the participants
To bring their own laptop with an ethernet card or WiFi to have Open VPN, ssh client and a web browser installed on their laptops.
Workshop language
English
More information
About CERT Games
The aim of the exercise is to develop proper habits and practice in:
handling incidents defending against attacks targeting the IT infrastructure. During the exercise, the participants has been confronted with an existing infrastructure containing, among others, web server, mail server, file server and DNS server. The participants attempted to defend these resources using various defense techniques. It has been required to present an ability to carry out the activities related to proper protection of the infrastructure, attack detection and rapid decision making related to the occurring threat. An additional advantage of the exercise was a possibility to evaluate the ability of participants in group-work and group problem-solving. The teams were evaluated throughout the exercise, in order to assess the undertaken actions effectiveness. The exercise ended with the team results presentation and an additional discussion.
About Forensics Training
This exercice is a gentle introduction to computer forensics:
data acquisition, timeline extraction from file system, going from one lead to another to build the big picture of an incident. Those techniques were practiced in a hands-on session. The participants collected and analyze an image of a compromised system. They explored its structure and reconstruct the timeline of the incident to find out the source of compromission.