Description

A training and demonstration service to conduct a simulated campaign of cyber criminals attacking an organization's resources, bypassing various security measures and gaining access to key systems in the IT infrastructure.

In the course of providing this service, potential methods for detecting these activities will be discussed, and technical and organizational measures to minimize them will be presented.

The demonstration will include a virtual environment with multiple servers that simulate typical services encountered in IT infrastructures. The environment will contain the most common bugs and vulnerabilities that are targets for cybercriminals. During the presentation, the aforementioned bugs and vulnerabilities will be used to gain unauthorized access to a specific server, and ultimately to gain full privileges across the entire infrastructure. Once the security of each server has been breached, an analysis will be conducted to identify how the intrusion could have been avoided. Available solutions that could have protected against the attack and how to find traces of such an attack will also be discussed.