Rodney Flores

NICE Challenge 13: Malware Aftermath Cleanup



This is my first blog about the NICE Challenge, so it is going to be a little wordy. This initial post will give a brief overview of what NICE Challenge is, and then transition into the actual challenge itself. If you want to go straight to the challenge, skip down to the Challenge header below or click the link at the very bottom to read my write-up.


What is the NICE Challenge Project?


Before defining what the NICE Challenge Project is, I'll first talk about what NICE is. NICE stands for the National Initiative for Cybersecurity Education led by the National Institute of Standards and Technology (NIST). NICE was created as a partnership between government, academia, and the private sector whose sole focus is supporting the United States' ability to address current and future cybersecurity education and workforce challenges through standards and best practices.


Some of you reading this may have heard of NIST 800-181, which is loosely known as the NICE Framework. It is essentially a method of creating a common lexicon of cybersecurity job descriptions and tasks in order to improve communication on how to identify, recruit, develop, and retain cybersecurity talent. To get a better understanding of this, check out this LINK where you can look up these standardized job roles, a brief description of what each role entails, and a breakdown of the knowledge, skills, and abilities (KSAs) required to perform the job. For example, the one I look at frequently is the work role for a Cyber Defense Analyst. The reason it is important for me to bring up this information is that the NICE Challenges all map to these tasks and KSAs, which is awesome! Additionally, the challenges are also mapped to Center of Academic Excellence (CAE) Knowledge Units, which is yet another cybersecurity education standardization body. It gives you a tangible frame of reference for describing the hands-on practical skills obtained from participating in these challenges.


What is the NICE Challenge Project. . .AGAIN!


From their website:


The NICE Challenge Project develops real-world cybersecurity challenges within virtualized business environments that bring students the workforce experience before the workforce. Our goal is to provide the most realistic experiences to students, at-scale year-round, while also generating useful assessment data about their knowledge, skills, and abilities for educators.

In simpler terms, it is a realistic cyber range that gives students hands-on practical experience in various cybersecurity tasks. As of this writing, there are 109 unique challenges spread across 12 different work roles spanning 273 NICE Framework KSAs and tasks!!! Nothing needs to be installed to participate (unless you plan to use a VMRC as your method of interacting with the VMs). The icing on the cake is that every single one of these challenges is FREE!


You may be asking, "Rodney, why haven't I ever heard of this program? How can I participate?" First, the NICE Challenges are for educational institutions, educators, and students. Unlike other platforms, it isn't available to the general public. As of this writing, they only provide access to accredited U.S.-based educational institutions. This is the reason I'm able to participate in these challenges: my university, WGU, participates! So if you're a student at an accredited U.S. educational institution but are not using this platform as a resource, inquire about it. If your school doesn't participate, have a faculty or staff member apply to be a curator on the website.


The challenges are not a la carte, and students do not get free rein over the entire library. Currently, WGU schedules one of these challenges every 2 weeks during the weekend. Each challenge is open for approximately 2 days. The curator is the one who selects the specific challenges they want their school to participate in, and the challenges are scheduled months in advance.


No part of what we do is a simulation. We aim to create the most realistic experience possible. When working on a challenge the player has admin level access to real virtual machines in a real network which have access to the internet. The only difference between our challenge environments and the real world is they have a reset button if it all goes horribly wrong.

Challenge 13: Malware Aftermath Cleanup


This was the first challenge I participated in as a WGU student, and it was a GOOD one! I didn't know it at the time, but this challenge was part of a new series that NICE was calling "Protect & Defend". And if you know me, this was right up my alley since I bleed blue-team!


Each NICE Challenge has the following core elements: a narrative-driven scenario, a business environment (workspace), and a set of technical objectives and/or a written deliverable. Each of these elements is developed to immerse the player (student) in a real-world experience and create a valuable set of data allowing their curator (educator) to judge their readiness for the workforce.

In this challenge, I was presented with a company called Pretty Safe Electronics. While the environment loads, they have a cool messenger conversation between employees that gives the student an idea of the scenario: what happened and what needs to be done. Malicious activity was discovered on their network, and I needed to go through their affected systems to collect any malicious artifacts; if any changes had been made to the host systems by the malware, I needed to remediate the harmful effects.


Just to give you a sense of the scope of this challenge, here is the network map:



Map It Up!


As I mentioned above, each challenge maps to NICE Framework KSAs and tasks and CAE KUs (wow, that's a mouthful). This is how this challenge mapped out:


NICE Framework KSAs

  • K0004. Knowledge of cybersecurity and privacy principles.

  • K0005. Knowledge of cyber threats and vulnerabilities.

  • K0070. Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).

  • K0162. Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored).

  • K0167. Knowledge of system administration, network, and operating system hardening techniques.

  • K0259. Knowledge of malware analysis concepts and methodologies.

  • S0003. Skill of identifying, capturing, containing, and reporting malware.

  • S0079. Skill in protecting a network against malware (e.g., NIPS, anti-malware, restrict/prevent external devices, spam filters).

CAE Knowledge Units

  • Cybersecurity Foundations

  • Cybersecurity Principles

  • Operating Systems Administration

  • Operating Systems Concepts

NICE is Nice


I found this initial experience with the NICE Challenge very beneficial. It gave me hands-on experience (for the first time) with a pfSense router. It was really fun investigating the network for malicious activity, thwarting the root of that activity, quarantining the malicious artifact, and then identifying and removing a malicious user from a system, all while ensuring the MSP still had access to the network. I know that future challenges won't be exactly like this blue-team one, so I'll enjoy this one for now. For an in-depth look at what I did in the challenge, please check out my write-up in the link below.

