This cybersecurity initiative involved 64 participants from 26 different institutions, divided into 10 groups. The winning team in this computer attack and defense exercise promoted by the Foundation for Science and Technology, through the FCCN unit, was made up of members from the University of Coimbra and the Polytechnic Institute of Cávado and Ave.
For two hours, each group had to discover vulnerabilities in the other teams' systems and defend the three systems they had access to. In order to build a platform that would allow this attack and defense exercise, in a totally remote format, they used vulnerabilities in PHP, Perl and WordPress, among others.
Carlos Friaças, manager of the RCTS CERT service at FCCN and responsible for organizing the 1st RCTS Cyberrange, tells us how the first edition of the initiative went:
How did the dynamic unfold?
Each team was given access to three servers. The idea was to mitigate any vulnerabilities they found, so that the other teams couldn't carry out successful attacks.
Since all the teams' servers were on the same network, the participants also had the opportunity to attack the other teams' servers, exploiting existing vulnerabilities.
Three servers with different vulnerabilities were also created, where there was intentionally no mitigation effort.
The exercise also included a leaderboard, which recorded points for successful attacks and removed points when vulnerabilities were exploited.
What was the aim of the exercise?
Practice defense and attack in a controlled environment. Given the difficulties created during the exercise, our aim was for the participants to gain knowledge of some security vulnerabilities.
Who were the participants?
We had members of the IT teams of 26 members of RCTS - Rede Ciência, Tecnologia e Sociedade, who work in cybersecurity or systems administration.
How were the teams formed?
The teams were defined by the organization. Each team had 7/8 members and a geographical criterion was respected as far as possible.
When is the next RCTS Cyberrange expected?
In the same way, it is difficult to determine, but once the platform is available, it will only be necessary to provide servers with different vulnerabilities to those of this exercise in order to carry out another one. We are probably aiming for 2025.
What conclusions were drawn from this challenge?
The debriefing was held immediately after the end of the two-hour exercise, explaining what vulnerabilities there were.
Carlos Friaças concludes his testimony with a positive assessment and a request to the participants: "The level of participation was excellent and it is important to thank everyone for their willingness to take part in an initiative of this kind, and also to take the opportunity to ask them to fill in the questionnaire/survey that was sent out."