Cyber Range by CDeX — workshops during
CYBERSEC FORUM, 21-22 June 2023
Cyber range is a virtual platform used to increase cyber defence skills and develop cybersecurity technologies. It is an ecosystem in which organizations can analyse the security of critical infrastructure and learn how to effectively integrate people, processes and technologies to protect their strategic information, services and resources.
CDeX (Cyber Defense eXercise Platform) is an advanced training platform offering a fully scalable, automated and hyperrealistic training environment that allows you to build cyber defence competences and acquire skills in realistic cyberattack conditions. Our cyber range is used by 4 main sectors of the market — national defence and the army, critical infrastructure, business and corporations as well as education.
The SCADA PLC scenario is based on an infrastructure that reflects network architecture and the way of communication between individual components of OT environments. Under this scenario, the participant is tasked with learning about the vulnerabilities of various phases of attacks on critical infrastructure and reducing threats by introducing appropriate safeguards. The scenario was developed for administrators and engineers responsible for maintaining OT environments. Trainee will face such methods of attack as exploiting configuration weaknesses (e.g. incorrect configuration of firewall), and use of vulnerability of industrial communication protocols.
SLFSA – Linux FTP and SSH
The Linux FTP & SSH Attacks scenario consists of two infrastructures: Blue Team infrastructure, which is accessible by trainee and SkyNET infrastructure, which is designed to simulate the Internet and the services available in it. Under this scenario, the participant is tasked with identifying and removing threats by introducing safeguards to prevent attacks (hardening). The scenario infrastructure is configured to contain security vulnerabilities. The script was developed for Linux administrators; attacks on SSH and FTP services will be carried out. Trainee will face such methods of attack as exploiting configuration weaknesses (e.g. Anonymous accounts), incorrect directory access, leaving backdoors in the form of .ssh keys. The scenario also assumes the use of vulnerability in SSH and FTP software versions.