Course Content

We build a tailored-made course programs for every client according to the requirements, experience and knowledge of the trainees.

Even so, some primary activities are generally included in the course:

- Scenarios: The trainees will investigate the virtual environment, using the Cyber Trainer System.

- Scenario Debrief:The trainer will have a discussion with the trainees on the solution to the scenario, including analyzing the results of the trainees, adding additional insights, mitigation plans and more.

- Review & Preparation:Review of the previous day and preparation for the next scenario.

- Security Utilities Training:

- Scenarios:Training and exercising on key investigation tools. This component is dynamic and may be changed based on remaining time and trainee prior knowledge.

Simulator Training Flow

The Cyber Training Simulator System provides a holistic approach to cyber training. The training flow can be divided to three main steps, all of which are supported by the Training Management System

1. Training Setup - In this stage the trainer defines the training structure, taking into consideration its goals and the skills of the trainees. The relevant cyber-attack scenarios are selected with the corresponding IP SCADA network. The selected network is then automatically cloned and allocated for each blue training team.

2. Training Execution - This is the live training phase in which legitimate traffic is injected into the training network. The selected attack scenarios are also streamed into the network with timing controlled by the trainer, including attempts to inflect damage such as business disruption, confidentiality and information loss. The blue team trainees are required to take all actions normally executed in real-world events to detect, respond and block the attacks. The trainers monitor the session, provide feedback and guidance according to the attack scenario built-in solution metrics.

3. Training Review - In this stage the trainer debriefs the trainees (AAR) by reviewing their performance during the training session, analyses of the attack and highlight of specific actions. The training session is concluded with group and individual feedback, a summary of lessons learned and emphasis on improvement.

Examples for cyber trainer scenarios

IT Training Scenarios

- SQL Injection

- WMI Worm

- Apache Shutdown

- Trojan Data Leakage

- Java Applet NMS Kill

- Java Applet Send Mail

- Killer Trojan

SCADA protocol scenarios (critical infrastructure)

- HMI – Overloading the Plant

- VPN – Shutting Down the Plant

- Field 2 Field – Silent Attack