CERT Games 2016

June 2016 Security Training Program in Strasbourg, France

Date

29 June 2016 - 1 July 2016

Location

Centre de culture numérique - Université de Strasbourg

http://osm.org/go/0DOBNnTwC?m=

Video

Download it !

Instructors

Aleš PADRTA, head of FLAB, CESNET CERTS, CESNET
Jean BENOIT, CERT OSIRIS - Université de Strasbourg
Paweł WEŻGOWIEC, COMCERT.PL
Dawid OSOJCA, COMCERT.PL
Marcin DUDEK, COMCERT.PL

Training material

forensic-training Git Repository

Attendance

45 participants from 8 European countries

Credits

Without those people, this event would not have been possible. Many thanks to:

Guilhem Borghesi, Magali Daujat, Jean Benoit from the CERT OSIRIS
Fabienne, Ikram, Simon, Lova, Jennifer, Virgile from the Direction Informatique, Université de Strasbourg
Michelle Danho, Vanessa Pierné, Jean-François Guezou from RENATER
Mirosław Maj, Paweł Weżgowiec, Dawid Osojca, Marcin Dudek, Michal Przybylski from Cybersecurity Foundation & COMCERT.pl
Aleš Padrta and Andrea Kropacová from CESNET

And many thanks to all the participants!

About the training

Defend yourself against hacker attacks and recover from an incident in a 3 days of fun, hands-on training!

Training objectives

In a learning set-up designed by experts in the field, the participant work in team and practice different security skills, gaining an enlightening experience in the process.

During the event, two different hands-on trainings were played :

CERT Games (2 days): detecting, understanding and reacting to live vulnerability exploitation on a dedicated infrastructure,
Forensics training (1 day): collecting and analysing data to reconstruct the timeline of an attack.

Participants ?

Academic Network and System Administrators

IT systems administrators IT security incident responder

The workshop included

detecting attacks targeting the infrastructure the participants must protect detecting configuration and services vulnerabilities analysing log and network traffic system hardening learning basic forensics techniques analysing a compromised system

Required from participants

Basic knowledge of Linux systems administration (workshop aims at protection of Linux systems) knowledge of network protocols, and the ability to analyze network traffic basic knowledge of IT security ability to analyse logs of the popular services basic understanding of unix file system structure

Expected from the participants

To bring their own laptop with an ethernet card or WiFi to have Open VPN, ssh client and a web browser installed on their laptops.

Workshop language

English

More information

About CERT Games

The aim of the exercise is to develop proper habits and practice in:

handling incidents defending against attacks targeting the IT infrastructure. During the exercise, the participants has been confronted with an existing infrastructure containing, among others, web server, mail server, file server and DNS server. The participants attempted to defend these resources using various defense techniques. It has been required to present an ability to carry out the activities related to proper protection of the infrastructure, attack detection and rapid decision making related to the occurring threat. An additional advantage of the exercise was a possibility to evaluate the ability of participants in group-work and group problem-solving. The teams were evaluated throughout the exercise, in order to assess the undertaken actions effectiveness. The exercise ended with the team results presentation and an additional discussion.

About Forensics Training

This exercice is a gentle introduction to computer forensics:

data acquisition, timeline extraction from file system, going from one lead to another to build the big picture of an incident. Those techniques were practiced in a hands-on session. The participants collected and analyze an image of a compromised system. They explored its structure and reconstruct the timeline of the incident to find out the source of compromission.