International CyberEx is an initiative of OAS (Organization of American States), INCIBE (Spanish National Cybersecurity Institute) and CNPIC (Spanish National Centre for Infrastructure and Cybersecurity) that seeks to strengthen the ability to respond to cyber incidents, as well as to improve collaboration and cooperation in this kind of incidents.
The last edition was held on September 10, 2020 between 14:00 UTC and 22:00 UTC. Statistics and the final ranking of the teams can be consulted in the previous editions section.
The purpose of the International CyberEx is to carry out a cyber exercise among the Member States of the Organization of American States (OAS) and of the countries invited by the National Institute of Cybersecurity of Spain (INCIBE) in order to strengthen the ability to respond to cyber incidents, as well as to improve collaboration and cooperation in this type of incident. The exercise focuses directly on technical security profiles with strong knowledge in the field of Information and Communication Technologies (ICT).
The language used during the cyber exercise is English.
The cyber exercise will take place in form of a CTF (Capture the Flag) in small teams. This format is based on a model of cyber security competition and is designed to serve as a training exercise that allows participants to gain experience in tracking an intrusion, as well as to improve reaction capacities to cyber attacks analogous to those that happen in the real world. There are two main styles for the CTF: attack/defense and jeopardy. The latter is suitable for expanding technical capabilities.
Jeopardy-style competitions are usually composed of several categories of problems, each containing a variety of questions of different values. Teams compete in an 8-hour session for being the first to solve the greatest number of challenges but do not directly attack each other.
Teams may consist of Cyber Security Incident Response Teams (CSIRTs) or experts from the public or private sector, military, academia, and civil society.
Each team can count with a maximum of 4 members and a minimum of 3 members according to the following distribution:
- 1 captain who will act as coordinator of the team and will be the sole point of contact with the organizers. In addition, the captain will be in charge of delivering the flags captured and of requesting the clues that are available for each challenge.
- From 2 to 3 team mates who will support the captain to solve the different challenges.
The profile of the team members should be that of a technician with experience and knowledge in ICT security in at least one or more of the following fields:
Knowledge in ICT security especially in the management of incidents in information security.
- Experience in managing security incidents and electronic fraud.
- Experience in analysis of compromised systems, SPAM, systems and security networks.
- Experience in malware analysis, both static and dynamic, and use of process automation tools such as behavior analysis, running analysis, etc.
- Experience in computer forensics. Experience in the use of tools that support the process of gathering and analyzing information.
- Experience in security audits: Methodologies, tools and technical experience in security audits or pentesting.
- Experience in administration and bastion of operating systems.
- Experience in network management and communications hardware, racks and applications and support services to security equipment.
The participating team is required to have at least the following resources:
- Desktop PC or laptop.
- Browsers supported: Chrome (preferred) or Firefox (both in the latest versions).
- Internet connection with sufficient bandwidth per user:
- Minimum: 1 Mbps download and 100Kbps upload.
- Recommended: 3 Mbps download and 1Mbps upload.
Code of conduct
The following rules must be met by participants given that violating this code of conduct will disqualify the entire team and lead to an exclusion of the competition:
- Participants must behave in a professional manner at all times.
- Participants will not manipulate or attempt to modify any element of the platform, including the rating system and the administration panel.
- Denial of Service attacks are not allowed.
- Brute force attacks are not allowed, unless specifically specified otherwise.
- Do not restart, shut down or disable services or functions of target systems.
- Offensive actions to attack or interfere with the systems of other participants are not allowed.
- Participants will not attempt to deceive or collaborate with participants of other teams.
- Participants must compete without help from people outside the competition.
- It is not allowed to publish information about the competition, how to solve the objectives or the flags of the same, without written consent from INCIBE.
- Only the ranking of the 10 best teams will be announced. The rest of the positions will be anonymous.
All the detailed information can be checked downloading Dossier 2020
Before cyber exercise
1. Will information about the scenario (topology, credentials, operating systems, network devices) be available previously?
No, information about the scenario will not be shared previously.
2. Any recommendations before?
- Prepare and plan the resources you will need to meet the technical requirements.
- Read carefully the competition rules and the platform handbook you will receive.
- Join the previous meeting (introductory and test sessions).
During cyber exercise
3. How can we access to International CyberEx environment?
Environment will be accessible via web browser. We will provide the URL to the participants.
4. Will there be a limit of connections or IP addresses for each team?
There will be an user per team member, but only one connection per team member is allowed. If you have n team members, you will have n users and n simultaneous connections are allowed, one per user.
5. If we answer a flag wrong, do you subtract points?
No, you can try various times answering a flag without losing points.
6. Will there be parallel challenges to solve? Or will there be only one challenge at a time?
Yes. Each flag will unlock one or more tasks to solve, so you can advance in parallel most of the time.
7. Will it be necessary a write-up after each challenge describing what has been done?
No write-up will be needed.
8. Do you have hints in flags?
Yes, you have three hints for each challenge, but all hints subtract points to the whole team. Only the team captain can request a hint.
9. Will there be a scoreboard?
Yes, there will be a scoreboard, so every team can see all scores. But it could be switched off one hour before end of the exercise to create some buzz between teams.
10. How does scoreboard work?
Each flag has a defined amount of points and these points are added to team when team captain answers it rightly. The only thing that subtract you points is asking for hints, and you will receive a confirmation message notifying how many points will be subtracted to the flag.
You can try to answer a flag as many times as you want, there are no limitations or penalties.
No bonus points are available, reaching a flag before other teams doesn't give you more points.
11. Will users be monitored in order to check that the rules are followed?
Yes, there will be "marshals" monitoring the platform. So first bad behavior is a warning, second bad behavior is a kick-out.
Misbehaviour examples are:
- Attacking to the infrastructure
- Denial of service
- Removing files from machines
A complete list of rules is available in player documentation.
12. May misbehaviour of a member disqualify the team?
Yes, misbehaviour of a team member will disqualify the whole team.
13. Could we ask organization for support during cyber exercise?
Yes, during the exercise you can send us technical questions through the support channel.
14. Will information about the scenario (topology, credentials, operating systems, network devices) be available?
No, we will not share information about the scenario. You will get small pieces of information when you advance through the scenario.
15. Any recommendations during cyber exercise?
- Be patient.
- Use the hints if you have problems. Sometimes is better to go through the next flag, losing some points.
- Syntax is important, a small modifier may be critical for answering wrong a flag.
After cyber exercise
16. Will the official write-ups be published?
We don't expect to publish or share the official write-ups after the exercise.
17. Will ranking be public?
Only TOP 10 teams will be announced. The rest of the positions will be anonymous.