TOGETHER, WE RESPOND FASTER

CYBERSEC 2019

MAR. 19 – 21

Taipei International Convention Center
Taipei World Trade Center Hall 1, 2F

Blue Team Workshop

This workshop is based on the defensive concepts of the Blue Team and simulates how a company should respond to an attack. These are the most professional courses provided in the industry and serve as great opportunities for companies to acquire experience in incident response. Normally, the tuition for such courses is very high; only at CYBERSEC will you find it offered for free!

Cyber threats are constantly evolving. Purchasing anti-malware products is no longer sufficient for keeping an enterprise safe. It is just as important to have training in incident response and defensive techniques. While the Red Team is focused on simulated attack drills that uncover system vulnerabilities, the Blue Team is focused on how to respond to threats and incident handling. More and more companies are realizing the value of a skilled Blue Team. Offensive simulation drills, which have begun to appear on the market, are great ways for enterprises to accumulate experience and fortitude in combating cyber attacks.

The conference has specially invited industry leader Cisco, together with the Cyber Range (in cooperation with TSTI), RangeSeed from the Institute for Information Industry, the Israel-based Cyberbit Range, the Cyber Defense Exercise from the National Center for High-Performance Computing, and the Blue Team CTF exercise courses from CyCarrier. Registration for CYBERSEC is free!

Grab your seat now! Register for CYBERSEC, then sign up on-site for the Blue Team Workshop.

Mar. 19 (Tue)
09:00 - 12:30
12:30 - 14:30

Cyber Range: Practical network attack defense practice

  • Time: 03/19 14:00 - 17:30
  • Venue: TICC 202
  • Speaker

    Tsang-Long Pao, Professor / Director, Department of Computer Science and Engineering / Computer Center, Tatung University

  • Course Description

    The Cyber Range is a simulated cyber security war-game environment. It provides a training facility in which security staff learn how to defend by replaying various cyber threat incidents in an enterprise network environment, giving a realistic experience of defensive thinking and operations. During the exercise, the TA will provide the assistance trainees need to follow the defense process and grasp the idea behind each cyber-attack. After each exercise, the instructor will discuss in depth the attacker's thinking, the defense techniques, and how to improve the detection and defense process. For example, when facing ransomware, an Advanced Persistent Threat or a DDoS attack, the playbook replays realistic security incidents so that trainees learn to detect the incident and plan a defense for each kind of attack. Through these simulated attacks, trainees learn how to defend against cyber-attacks and raise their capabilities in cyber threat detection, incident analysis and cyber security threat assessment. The ultimate goal is the ability to prevent future security incidents, knowledge of advanced defense techniques, and the ability to use security equipment and software. With these capabilities, security staff should be able to defend against future cyber-attacks, reduce the risk of intrusion into the enterprise, and keep network operations continuous and uninterrupted.

    Course Outline

    • Intrusion Prevention, e-mail security, and web security
    • IoT vulnerability, attack, and defense exercise
    • Data loss detection, tracking and protection

    Suggested equipment specifications for Attendee

    • Notebook computer (Windows or Mac) on which Cisco AnyConnect and VMware Horizon Client can be installed

    Attendee Prerequisite Skills for the Course

    • Basic knowledge of information security

The Next Generation of Cybersecurity Simulation Training System, Tokyo Olympics Anti-terrorism Designated ~ International Well-known Cyberbit Blue Team Training System: Apache Shutdown Scenario

  • Time: 03/19 12:30 - 14:30
  • Venue: TICC 203
  • Speaker

    Tzu-Hsien Chuang, Project Manager, Institute for Information Industry

  • Speaker

    Andy Lin, Senior Engineer, Institute for Information Industry

  • Course Description

    The cybersecurity simulation training system is Israel’s well-known Cyberbit Range Training system.

    For the CyberSec 2019 CyberLAB program, we will practice the three most common threats: Apache Shutdown, Trojan Data Leakage, and SQL Injection.

    Through hands-on practice of the complete scenario, trainees will learn how to judge different attack behaviors and then propose proper response measures. Each exercise takes around 1.5 hours. The simulation is as follows:

    • Apache Shutdown Scenario: In this scenario, the system attacks a known public Apache web server. The attacker uses a Secure Shell (SSH) brute-force attack to gain access to the server and uploads backdoor files and scripts that send the server's user name and password to the attacker every minute to maintain access to the server. Finally, the attacker adds a cron job that shuts down the Apache services at one-minute intervals.

    Course Outline

    • HOW TO DETECT A NEW PORT-SCANNING INCIDENT IN THE SIEM SYSTEM
    • HOW TO DETECT A SUCCESSFUL PASSWORD BRUTE-FORCE ATTACK
    • HOW TO DETECT FAILURE OF APACHE SERVICES ON ZENOSS SYSTEM
    • HOW TO RESTART APACHE SERVICES (ONGOING AS LONG AS THE ATTACK CONTINUES)
    • HOW TO ANALYZE THE REASON FOR THE APACHE SERVICES FAILURE
    • HOW TO DELETE SCHEDULED CRON JOBS
    • HOW TO REMEDIATE THE VULNERABILITY AND MITIGATE THE ATTACK

    Suggested equipment specifications for Attendee

    • All equipment is prepared by the Cybersecurity Technology Institute, Institute for Information Industry.

    Attendee Prerequisite Skills for the Course

    • Basic knowledge of network security and information security.
    • Familiarity with database operations and a basic understanding of malware principles.
15:30 - 17:30

The Next Generation of Cybersecurity Simulation Training System, Tokyo Olympics Anti-terrorism Designated ~ International Well-known Cyberbit Blue Team Training System: Apache Shutdown Scenario

  • Time: 03/19 15:30 - 17:30
  • Venue: TICC 203
  • Speaker

    Tzu-Hsien Chuang, Project Manager, Institute for Information Industry

  • Speaker

    Andy Lin, Senior Engineer, Institute for Information Industry

  • Course Description

    The cybersecurity simulation training system is Israel’s well-known Cyberbit Range Training system.

    For the CyberSec 2019 CyberLAB program, we will practice the three most common threats: Apache Shutdown, Trojan Data Leakage, and SQL Injection.

    Through hands-on practice of the complete scenario, trainees will learn how to judge different attack behaviors and then propose proper response measures. Each exercise takes around 1.5 hours. The simulation is as follows:

    • Apache Shutdown Scenario: In this scenario, the system attacks a known public Apache web server. The attacker uses a Secure Shell (SSH) brute-force attack to gain access to the server and uploads backdoor files and scripts that send the server's user name and password to the attacker every minute to maintain access to the server. Finally, the attacker adds a cron job that shuts down the Apache services at one-minute intervals.

    Course Outline

    • HOW TO DETECT A NEW PORT-SCANNING INCIDENT IN THE SIEM SYSTEM
    • HOW TO DETECT A SUCCESSFUL PASSWORD BRUTE-FORCE ATTACK
    • HOW TO DETECT FAILURE OF APACHE SERVICES ON ZENOSS SYSTEM
    • HOW TO RESTART APACHE SERVICES (ONGOING AS LONG AS THE ATTACK CONTINUES)
    • HOW TO ANALYZE THE REASON FOR THE APACHE SERVICES FAILURE
    • HOW TO DELETE SCHEDULED CRON JOBS
    • HOW TO REMEDIATE THE VULNERABILITY AND MITIGATE THE ATTACK

    Suggested equipment specifications for Attendee

    • All equipment is prepared by the Cybersecurity Technology Institute, Institute for Information Industry.

    Attendee Prerequisite Skills for the Course

    • Basic knowledge of network security and information security.
    • Familiarity with database operations and a basic understanding of malware principles.
Mar. 20 (Wed)
09:00 - 12:30

Cyber Defense Exercise - Web intrusion and defensive practice

  • Time: 03/20 10:00 - 11:30
  • Venue: TICC 401
  • Speaker

    Cyber Defense Exercise Team Member, National Center for High-performance Computing

  • Course Description

    Students will be connected to the CDX platform course environment through VPN.

    Students will practice either the attack or the defensive role.

    The target host in the course environment serves as the practice target, simulating a small company website being hacked.

    In the course, the instructor leads the students playing the hacker role through the intrusion and DDoS of the target hosts step by step, and then leads the students playing the defensive role in resolving the intrusion and DDoS events.

    Course Outline

    • Web intrusion practice and corresponding countermeasures against intrusion techniques
    • DDoS practice and DDoS mitigation

    Suggested equipment specifications for Attendee

    • Internet connectivity
    • Fortinet VPN client installed

    Attendee Prerequisite Skills for the Course

    • Linux command
    • TCP/IP
    • Web
12:30 - 14:30

Cyber Range: Practical network attack defense practice

  • Time: 03/20 14:00 - 17:30
  • Venue: TICC 202
  • Speaker

    Tsang-Long Pao, Professor / Director, Department of Computer Science and Engineering / Computer Center, Tatung University

  • Course Description

    The Cyber Range is a simulated cyber security war-game environment. It provides a training facility in which security staff learn how to defend by replaying various cyber threat incidents in an enterprise network environment, giving a realistic experience of defensive thinking and operations. During the exercise, the TA will provide the assistance trainees need to follow the defense process and grasp the idea behind each cyber-attack. After each exercise, the instructor will discuss in depth the attacker's thinking, the defense techniques, and how to improve the detection and defense process. For example, when facing ransomware, an Advanced Persistent Threat or a DDoS attack, the playbook replays realistic security incidents so that trainees learn to detect the incident and plan a defense for each kind of attack. Through these simulated attacks, trainees learn how to defend against cyber-attacks and raise their capabilities in cyber threat detection, incident analysis and cyber security threat assessment. The ultimate goal is the ability to prevent future security incidents, knowledge of advanced defense techniques, and the ability to use security equipment and software. With these capabilities, security staff should be able to defend against future cyber-attacks, reduce the risk of intrusion into the enterprise, and keep network operations continuous and uninterrupted.

    Course Outline

    • Intrusion Prevention, e-mail security, and web security
    • IoT vulnerability, attack, and defense exercise
    • Data loss detection, tracking and protection

    Suggested equipment specifications for Attendee

    • Notebook computer (Windows or Mac) on which Cisco AnyConnect and VMware Horizon Client can be installed

    Attendee Prerequisite Skills for the Course

    • Basic knowledge of information security

The Next Generation of Cybersecurity Simulation Training System, Tokyo Olympics Anti-terrorism Designated ~ International Well-known Cyberbit Blue Team Training System: Trojan Data Leakage Scenario

  • Time: 03/20 12:30 - 14:30
  • Venue: TICC 203
  • Speaker

    Tzu-Hsien Chuang, Project Manager, Institute for Information Industry

  • Speaker

    Andy Lin, Senior Engineer, Institute for Information Industry

  • Course Description

    The cybersecurity simulation training system is Israel’s well-known Cyberbit Range Training system.

    For the CyberSec 2019 CyberLAB program, we will practice the three most common threats: Apache Shutdown, Trojan Data Leakage, and SQL Injection.

    Through hands-on practice of the complete scenario, trainees will learn how to judge different attack behaviors and then propose proper response measures. Each exercise takes around 1.5 hours. The simulation is as follows:

    • Trojan Data Leakage Scenario: In this scenario, the system sends an infected e-mail with a link to a Trojan executable. When the executable is opened, the Trojan is installed. The Trojan performs a local search for secret files and sends them to the attacker by e-mail.

    Course Outline

    • HOW TO DETECT SUSPICIOUS TRAFFIC TO A BLACKLISTED ADDRESS
    • HOW TO LOCATE THE MALWARE EXECUTABLE FILE
    • HOW TO DETECT ABNORMAL MAIL ACTIVITY
    • HOW TO ANALYZE ATTACK IMPACT
    • HOW TO DETECT THE INFECTING E-MAIL WITH A LINK TO THE TROJAN FILE
    • HOW TO REMEDIATE THE VULNERABILITY AND MITIGATE THE ATTACK

    Suggested equipment specifications for Attendee

    • All equipment is prepared by the Cybersecurity Technology Institute, Institute for Information Industry.

    Attendee Prerequisite Skills for the Course

    • Basic knowledge of network security and information security.
    • Familiarity with database operations and a basic understanding of malware principles.

Cyber Defense Exercise - Web intrusion and defensive practice

  • Time: 03/20 14:00 - 15:30
  • Venue: TICC 401
  • Speaker

    Cyber Defense Exercise Team Member, National Center for High-performance Computing

  • Course Description

    Students will be connected to the CDX platform course environment through VPN.

    Students will practice either the attack or the defensive role.

    The target host in the course environment serves as the practice target, simulating a small company website being hacked.

    In the course, the instructor leads the students playing the hacker role through the intrusion and DDoS of the target hosts step by step, and then leads the students playing the defensive role in resolving the intrusion and DDoS events.

    Course Outline

    • Web intrusion practice and corresponding countermeasures against intrusion techniques
    • DDoS practice and DDoS mitigation

    Suggested equipment specifications for Attendee

    • Internet connectivity
    • Fortinet VPN client installed

    Attendee Prerequisite Skills for the Course

    • Linux command
    • TCP/IP
    • Web

How to improve the cyber resilience through BlueTeam CTF exercise

  • Time: 03/20 12:30 - 14:30
  • Venue: TWTC 1 Conference Room No.4
  • Speaker

    Chung-Kuan Chen, Senior Cybersecurity Researcher, CyCarrier Technology

  • Course Description

    In the face of today's inevitable cyber breaches, the National Institute of Standards and Technology (NIST) has released a new cybersecurity framework. The traditional cybersecurity model aims to make sure enterprises are never breached, while the new strategies focus on sustaining business operations and recovering systems quickly when compromised. Incident response and resilience have therefore become survival skills in an unpredictable environment where cyber threats will occur.
    In this session, our main goal is to use a BlueTeam CTF to train monitoring, hunting, and investigation skills. Students will work through several real cases, reasoning and performing forensics from the attacker's perspective across different attack situations. From these situations, students build a timeline and a map of attacker activity and identify the tactics, techniques, and procedures the attacker used, which improves their visibility and sensitivity. The practice also improves their resilience. By investigating and analyzing different scenarios, this session provides strong support for real-world incidents and strengthens enterprise cyber security strategies.

    Course Outline

    • BlueTeam CTF Introduction
    • Practice Scenario Introduction
    • Cyber Resilience Model Introduction and Discussion
    • Conclusion

    Suggested equipment specifications for Attendee

    • Laptop

    Attendee Prerequisite Skills for the Course

    • Cyber security practitioner


15:30 - 17:30

The Next Generation of Cybersecurity Simulation Training System, Tokyo Olympics Anti-terrorism Designated ~ International Well-known Cyberbit Blue Team Training System: Trojan Data Leakage Scenario

  • Time: 03/20 15:30 - 17:30
  • Venue: TICC 203
  • Speaker

    Tzu-Hsien Chuang, Project Manager, Institute for Information Industry

  • Speaker

    Andy Lin, Senior Engineer, Institute for Information Industry

  • Course Description

    The cybersecurity simulation training system is Israel’s well-known Cyberbit Range Training system.

    For the CyberSec 2019 CyberLAB program, we will practice the three most common threats: Apache Shutdown, Trojan Data Leakage, and SQL Injection.

    Through hands-on practice of the complete scenario, trainees will learn how to judge different attack behaviors and then propose proper response measures. Each exercise takes around 1.5 hours. The simulation is as follows:

    • Trojan Data Leakage Scenario: In this scenario, the system sends an infected e-mail with a link to a Trojan executable. When the executable is opened, the Trojan is installed. The Trojan performs a local search for secret files and sends them to the attacker by e-mail.

    Course Outline

    • HOW TO DETECT SUSPICIOUS TRAFFIC TO A BLACKLISTED ADDRESS
    • HOW TO LOCATE THE MALWARE EXECUTABLE FILE
    • HOW TO DETECT ABNORMAL MAIL ACTIVITY
    • HOW TO ANALYZE ATTACK IMPACT
    • HOW TO DETECT THE INFECTING E-MAIL WITH A LINK TO THE TROJAN FILE
    • HOW TO REMEDIATE THE VULNERABILITY AND MITIGATE THE ATTACK

    Suggested equipment specifications for Attendee

    • All equipment is prepared by the Cybersecurity Technology Institute, Institute for Information Industry.

    Attendee Prerequisite Skills for the Course

    • Basic knowledge of network security and information security.
    • Familiarity with database operations and a basic understanding of malware principles.

Cyber Defense Exercise - Web intrusion and defensive practice

  • Time: 03/20 16:00 - 17:30
  • Venue: TICC 401
  • Speaker

    Cyber Defense Exercise Team Member, National Center for High-performance Computing

  • Course Description

    Students will be connected to the CDX platform course environment through VPN.

    Students will practice either the attack or the defensive role.

    The target host in the course environment serves as the practice target, simulating a small company website being hacked.

    In the course, the instructor leads the students playing the hacker role through the intrusion and DDoS of the target hosts step by step, and then leads the students playing the defensive role in resolving the intrusion and DDoS events.

    Course Outline

    • Web intrusion practice and corresponding countermeasures against intrusion techniques
    • DDoS practice and DDoS mitigation

    Suggested equipment specifications for Attendee

    • Internet connectivity
    • Fortinet VPN client installed

    Attendee Prerequisite Skills for the Course

    • Linux command
    • TCP/IP
    • Web
Mar. 21 (Thu)
09:00 - 12:30
12:30 - 14:30

Cyber Range: Practical network attack defense practice

  • Time: 03/21 14:00 - 17:30
  • Venue: TICC 202
  • Speaker

    Tsang-Long Pao, Professor / Director, Department of Computer Science and Engineering / Computer Center, Tatung University

  • Course Description

    The Cyber Range is a simulated cyber security war-game environment. It provides a training facility in which security staff learn how to defend by replaying various cyber threat incidents in an enterprise network environment, giving a realistic experience of defensive thinking and operations. During the exercise, the TA will provide the assistance trainees need to follow the defense process and grasp the idea behind each cyber-attack. After each exercise, the instructor will discuss in depth the attacker's thinking, the defense techniques, and how to improve the detection and defense process. For example, when facing ransomware, an Advanced Persistent Threat or a DDoS attack, the playbook replays realistic security incidents so that trainees learn to detect the incident and plan a defense for each kind of attack. Through these simulated attacks, trainees learn how to defend against cyber-attacks and raise their capabilities in cyber threat detection, incident analysis and cyber security threat assessment. The ultimate goal is the ability to prevent future security incidents, knowledge of advanced defense techniques, and the ability to use security equipment and software. With these capabilities, security staff should be able to defend against future cyber-attacks, reduce the risk of intrusion into the enterprise, and keep network operations continuous and uninterrupted.

    Course Outline

    • Intrusion Prevention, e-mail security, and web security
    • IoT vulnerability, attack, and defense exercise
    • Data loss detection, tracking and protection

    Suggested equipment specifications for Attendee

    • Notebook computer (Windows or Mac) on which Cisco AnyConnect and VMware Horizon Client can be installed

    Attendee Prerequisite Skills for the Course

    • Basic knowledge of information security

The Next Generation of Cybersecurity Simulation Training System, Tokyo Olympics Anti-terrorism Designated ~ International Well-known Cyberbit Blue Team Training System: SQL injection Scenario

  • Time: 03/21 12:30 - 14:30
  • Venue: TICC 203
  • Speaker

    Tzu-Hsien Chuang, Project Manager, Institute for Information Industry

  • Speaker

    Andy Lin, Senior Engineer, Institute for Information Industry

  • Course Description

    The cybersecurity simulation training system is Israel’s well-known Cyberbit Range Training system.

    For the CyberSec 2019 CyberLAB program, we will practice the three most common threats: Apache Shutdown, Trojan Data Leakage, and SQL Injection.

    Through hands-on practice of the complete scenario, trainees will learn how to judge different attack behaviors and then propose proper response measures. Each exercise takes around 1.5 hours. The simulation is as follows:

    • SQL injection Scenario: In this scenario, the system attacks a known public web server using SQL injection. The attacker enables the internally stored SQL procedure xp_cmdshell, which is later used to extract all users' computer names and e-mails from the Active Directory (AD) using PowerShell scripts, and to stop the internal server's services using the remote Service Control Manager. The attack is performed repeatedly until the trainees stop it.

    Course Outline

    • HOW TO DETECT A NEW WEB CRAWLING INCIDENT IN THE SIEM SYSTEM
    • HOW TO DETECT DOMAIN SERVICES FAILURE ON ZENOSS SYSTEM
    • HOW TO RESTART DOMAIN SERVICES
    • HOW TO DETECT AND ANALYZE REASON FOR DOMAIN SERVICES FAILURE
    • HOW TO REMEDIATE THE VULNERABILITY AND MITIGATE THE ATTACK

    Suggested equipment specifications for Attendee

    • All equipment is prepared by the Cybersecurity Technology Institute, Institute for Information Industry.

    Attendee Prerequisite Skills for the Course

    • Basic knowledge of network security and information security.
    • Familiarity with database operations and a basic understanding of malware principles.

How to improve the cyber resilience through BlueTeam CTF exercise

  • Time: 03/21 12:30 - 14:30
  • Venue: TWTC 1 Conference Room No.4
  • Speaker

    Chung-Kuan Chen, Senior Cybersecurity Researcher, CyCarrier Technology

  • Course Description

    In the face of today's inevitable cyber breaches, the National Institute of Standards and Technology (NIST) has released a new cybersecurity framework. The traditional cybersecurity model aims to make sure enterprises are never breached, while the new strategies focus on sustaining business operations and recovering systems quickly when compromised. Incident response and resilience have therefore become survival skills in an unpredictable environment where cyber threats will occur.
    In this session, our main goal is to use a BlueTeam CTF to train monitoring, hunting, and investigation skills. Students will work through several real cases, reasoning and performing forensics from the attacker's perspective across different attack situations. From these situations, students build a timeline and a map of attacker activity and identify the tactics, techniques, and procedures the attacker used, which improves their visibility and sensitivity. The practice also improves their resilience. By investigating and analyzing different scenarios, this session provides strong support for real-world incidents and strengthens enterprise cyber security strategies.

    Course Outline

    • BlueTeam CTF Introduction
    • Practice Scenario Introduction
    • Cyber Resilience Model Introduction and Discussion
    • Conclusion

    Suggested equipment specifications for Attendee

    • Laptop

    Attendee Prerequisite Skills for the Course

    • Cyber security practitioner
15:30 - 17:30

The Next Generation of Cybersecurity Simulation Training System, Tokyo Olympics Anti-terrorism Designated ~ International Well-known Cyberbit Blue Team Training System: SQL injection Scenario

  • Time: 03/21 15:30 - 17:30
  • Venue: TICC 203
  • Speaker

    Tzu-Hsien Chuang, Project Manager, Institute for Information Industry

  • Speaker

    Andy Lin, Senior Engineer, Institute for Information Industry

  • Course Description

    The cybersecurity simulation training system is Israel’s well-known Cyberbit Range Training system.

    For the CyberSec 2019 CyberLAB program, we will practice the three most common threats: Apache Shutdown, Trojan Data Leakage, and SQL Injection.

    Through hands-on practice of the complete scenario, trainees will learn how to judge different attack behaviors and then propose proper response measures. Each exercise takes around 1.5 hours. The simulation is as follows:

    • SQL injection Scenario: In this scenario, the system attacks a known public web server using SQL injection. The attacker enables the internally stored SQL procedure xp_cmdshell, which is later used to extract all users' computer names and e-mails from the Active Directory (AD) using PowerShell scripts, and to stop the internal server's services using the remote Service Control Manager. The attack is performed repeatedly until the trainees stop it.

    Course Outline

    • HOW TO DETECT A NEW WEB CRAWLING INCIDENT IN THE SIEM SYSTEM
    • HOW TO DETECT DOMAIN SERVICES FAILURE ON ZENOSS SYSTEM
    • HOW TO RESTART DOMAIN SERVICES
    • HOW TO DETECT AND ANALYZE REASON FOR DOMAIN SERVICES FAILURE
    • HOW TO REMEDIATE THE VULNERABILITY AND MITIGATE THE ATTACK

    Suggested equipment specifications for Attendee

    • All equipment is prepared by the Cybersecurity Technology Institute, Institute for Information Industry.

    Attendee Prerequisite Skills for the Course

    • Basic knowledge of network security and information security.
    • Familiarity with database operations and a basic understanding of malware principles.