White Wolf Security :: Cyber Exercises and Cyber Conflict Leadership Training

At A Glance

Welcome to the most complex cyber exercise competition of its kind hosted at the top information security training event in the world.
Defenders must protect complex networks including power grid nodes, phones, cameras and servers.
Attackers are given free rein to attack whatever they want, however they want. Come see how real hackers operate when there are no consequences for their actions.
Choose your Pack: Defend, Attack or Field Op. They all have missions and only some will survive.
Three evenings of competition. October 1st - 3rd, 5pm to 10pm at Caesar's Palace.

The Scenario

Two Men Enter - One Man Leave

This year’s ICE II will feature Paul and Larry of pauldotcom.com in a hacker throwdown to see who is the best network attacker and defender. Paul and Larry will each have a major network to defend, while they also attack each other. The event is open to all SANS Las Vegas attendees. Players can pick a side, defend their own network, attack at will or view and snipe from a distance.

Winners

Paul or Larry?
Best defending team
Best attacker
Random prizes awarded to those in the room

What is an ICE?

ICE is the Integrated Cyber Exercise; a scenario that puts a group of Red Cell hackers against multiple teams of Blue Cell defenders. Each defending team is given a small network infrastructure with a router, firewall, servers and desktops. The Blue Cells are responsible for keeping their network alive and functional with real services such as email, e-commerce and DNS. The Red Cell is responsible for attacking the Blue Cell network.

The Network

White Wolf Security is building one of the most complex exercise networks in the world. Servers, desktops, IP surveillance cameras, wireless, VoIP, even IP-controlled SCADA components are all in play.

Spectators can play, too

Spectators are loaned desktops and VoIP phones and are encouraged to interact with the live environment. They can call into the Blue Cell, send traffic or even form alliances with th Red Cell and forward attacks.

Plenty of places to hide

New this year is a custom distributed traffic generator. Clients in the exercise will be generating large volumes of legal traffic. Somewhere within this traffic are the attackers…

Key features and scoring

The ICE network not only facilitates the exercise, but is designed to collect data and simulate a wide array of network activities. Some of the key features of the exercise:

MapQuest-driven scoring engine that geo plots IP assets and shows their status across geographic regions.
3D visualization of scoring rounds.
Tracking and scoring of Red Cell and Blue Cell performance.
Dynamic business injects - emails sent to teams that simulate real world business requests.
Full packet capture - all the traffic across the defenders' firewalls is captured using custom-built full packet capture devices.
Distributed intrusion detection.
Spanning and trunk port replication allows you to compare IDS systems against identical traffic.
Full SCADA support - custom-built IP SCADA devices control power flow to the teams.
Full VoIP support - we can implement any call list or phone number scheme necessary.
Distributed client-side traffic generation. Custom-built traffic generator to send/receive traffic from anywhere in the network environment.

Live Hacking

Real networks, real data, real attacks. Come watch some of the world's best security professionals attack live systems in an all-out competition.

Spectators

Come watch the 3D scoring and listen to commentary from PaulDotCom. Or better yet; participate. Spectators are provided phones and computers to interact with the defending and attacking teams in real time.