PRACTICE

Apply & Hone Your Skills

Apply your knowledge inside real-world virtual environments to gain experience, build new capabilities, and hone existing skills. Capture The Flag (CTF) challenges are a great way to practice on your own, and group exercises are well-suited for small to large groups.

CAPTURE THE FLAG

Capture The Flag exercises, or CTFs, are designed to present participants with a number of challenges that require different skills at varying levels of complexity. Individuals apply their knowledge and technical skills (e.g., reversing binaries, performing forensic analysis on file systems, manipulating network traffic, etc.) to solve problems and grab a file or another piece of data off a target system (often referred to as a “flag”) as proof of having successfully exploited or hardened a particular service.

CTFs can be structured as individual, self-paced activities or highly-advanced individual or group competitions.

Public CTFs

HackTheBox
Try Hack Me
Hacker101 CTF
Facebook CTF
Google CTF

Exclusive CTFs

Merit CTF

Merit’s CTF is a challenge designed to cover the spectrum of cybersecurity. Choose from a variety of self-paced and self-directed modules to complete challenges and capture hidden flags that earn your points. From Python scripting and web application hijacking to reverse engineering, database hacking, and penetrating SCADA networks, this exercise is a means to challenge and assess individual skills across a broad range of systems.

  • Linux 100
  • Linux 101
  • Networking 101
  • Python 101
  • Powershell 101
  • Powershell 201
  • Recon 101
  • Cryptography
  • Binary Forensics
  • School Computer (Reverse Engineering & Exploitation)
  • Library (Find PII)
  • City Hall (Deface a website)
  • Private Business – Zenda (Incident Response & Forensics)
  • Power & Energy – SCADA (Service Exploitation)

REGISTER FOR THIS CTF

ALPHAVILLE

The following practice exercises are designed to help prepare teams to mitigate risks, respond to incidents, and protect business continuity with real-world scenarios.

Full-Day Exercises

Capture The Flag

Using Merit’s CTF platform, teams of four individuals will work together to earn points by using open source tools to fire-off live attacks on networked systems in real time. Pick the areas that challenge you to rack up as many points as possible (note that easier modules earn less points and fewer flags). Nobody will be able to prevent another’s ability to capture a flag or achieve a challenge. User experience is augmented through the use of a scoreboard and 3D visualization of the Alphaville environment. At the end of the exercise, the team with highest points and most flags wins.

CTF modules include:

  • Linux 100
  • Linux 101
  • Networking 101
  • Python 101
  • Powershell 101
  • Powershell 201
  • Recon 101
  • Cryptography
  • Binary Forensics
  • School Computer (Reverse Engineering & Exploitation)
  • Library (Find PII)
  • City Hall (Deface a website)
  • Private Business – Zenda (Incident Response & Forensics)
  • Power & Energy – SCADA (Service Exploitation)

SCHEDULE THIS EXERCISE

Paintball

Maintain and control (own) as many systems in Alphaville as possible and protect your team’s blue node to get the highest total up-time for planted beacons plus total uptime of your team’s critical blue node services. A system is considered ‘owned’ by a team if that team’s ‘beacon’ is broadcasting out from the system in question and is reported to the scoreboard.

SCHEDULE THIS EXERCISE

Cyber Defense (Red vs. Blue)

Cyber Defense is a force-on-force cyber exercise that challenges cybersecurity professionals with a live, thinking, adapting adversary. This exercise is completely customizable – your teams can attack, defend or both. Cyber Defense takes place in a subset of the  larger Alphaville Training environment. Teams are assessed based on learning objectives in an after-action review (AAR).

Cyber Defense can be structured in a number of ways; combinations are not limited to just one Red team and one Blue team. For example, this exercise can accommodate:
– Red vs. Red vs. Blue
– Red vs. Red vs. Red vs. Blue Team 1 and Blue Team 2
– etc.
Along with the Red and Blue teams, there will also be a Purple team to guide all teams to make sure everyone gets the most out of the exercise as then can.

SCHEDULE THIS EXERCISE

Cyber Sentinel – Passive

Cyber Sentinel is a hands-on foundational Incident Response (IR) exercise for newly-formed cyber IR teams with intermediate to advanced skills and maps to the NIST 800 standards.

Your pre-existing cyber IR teams will uncover the facts of recently occurring security incidents one at a time and at their own pace. Teams will test their abilities under pressure while defending the virtual business called Zenda.

SCHEDULE THIS EXERCISE

Cyber Sentinel – Active

Cyber Sentinel is a hands-on foundational Incident Response (IR) exercise for newly-formed cyber IR teams with intermediate to advanced skills and maps to the NIST 800 standards.

Your pre-existing cyber IR teams will play against one or more active Red Teams to test their abilities under pressure while defending the virtual business called Zenda. Blue Teams will need to uncover the facts of an actively-occurring security incident, secure their network, conduct forensic analysis, and harden target systems against real-time a Red Team(s) that is actively trying to hack virtual infrastructure.

SCHEDULE THIS EXERCISE

Table Top Exercise (TTX) for Executives

Table Top Exercises test and validate an organization’s ability to handle cyber incidents and execute procedures at an organizational level.  Executives and employees from within finance, human resources, IT, and legal departments should attend. Table Top exercises are designed to facilitate discussion around policies and procedures.

SCHEDULE THIS EXERCISE

Additional Practice Exercises

Any of the exercises above can also be customized to meet your organization’s specific needs. Contact the Cyber Hub at WMCAT for more details.

REQUEST AN EXERCISE

Explore Alphaville, a Virtual City

Host a customized practice environment inside Al[phaville

REQUEST A CUSTOM EXERCISE

WHAT IS ALPHAVILLE?

Alphaville, the Michigan Cyber Range’s virtual training environment, mimics a real city and offers five different locations, each representing a different security level and containing systems similar to their real-world counterparts. The environment features SCADA, security appliances, email, file sharing, active directory, and DNS.

Subscribe to WMCAT Newsletter
  • This field is for validation purposes and should be left unchanged.