> CyberPatriot Training
Welcome to the CyberPatriot Training page. The Modules below provide an introduction to cybersecurity, and are intended to help teams prepare for CyberPatriot. If you have any questions or comments, please feel free to contact us.
CyberPatriot V Rules Book
New Training Materials
Archived Training Materials
Goals in Competition
During competition, these objectives must be met:
In the past, CyberPatriot has competed with these images:
In our images, CyberPatriot scores with a CyberNEXS client (the Ubuntu Learning Image does not include CyberNEXS). When you first log into the image, the CyberNEXS client will present you with a registration page. Upon successful registration, CyberNEXS will create a Get_My_Status.html file. This file reports the score during competition. In Windows, it will be under C:/Get_My_Status.html. In Ubuntu, it will be under /Get_My_Status.html
Due to the CyberNEXS client, there are parameters that must not be tampered with:
Ubuntu is the GNU/Linux variant used during online rounds of the CyberPatriot competition. There are a variety of guides, books, and a forum with offer an introduction to Ubuntu for CyberPatriot participants. Teams may find it helpful to download a clean (no pre-configured vulnerabilities) image of Ubuntu with which to practice (the link can be found below). You can also check out www.distrowatch.com for practice images of, and information on, other Linux distributions such as Fedora, Mint, Debian, etc.
To create an Ubuntu 10.04 image:
There exist many different flavors of GNU/Linux, and it is a subset of Operating Systems (OSes) known as Unix-Like, or *nix, OSes. This group of OSes posses common attributes, and that is called "Portable Operating System Interface for Unix", or POSIX. One shared trait is that all have a command line, or shell. The Bourne Again Shell (Bash Shell) has become the de facto standard in *nix. One of the most attractive features of the Bash shell is its ability to be scripted. A couple of network config commands to be familiar with are:
The POSIX directory structure is another unified structure, but it is much different than the Windows directory structure. Some important filesystem components to look at are the /proc and /etc/init.d file system.
If you have any issues with *nix OSes, the best resources are man page, documentation, forums for that Distribution, the IRC Channel for that OS, and Google. Almost any problem that you have had, someone else has most likely had the same issue and has solved it. However, please remember to ask questions in a smart way.
The Windows family of OSes encompasses Desktops, Servers, and Embedded systems. Although Windows OSes heavily use Graphical User Interfaces (GUIs), Windows all have a shell. The XP-based OSes (Windows XP and Windows Server2003) only have the Command Prompt (cmd.exe). The Vista and 7 based OSes (Windows Vista, Windows 7, Windows 2008, Windows 2008 R2) also have the Powershell. We recommend looking at the Microsoft TechNet site for learning more about these OSes. Here are some important parts of Windows we recommend looking at:
Learning about the Internet
We all use the Internet on a daily basis and we certainly use it in the CyberPatriot competition, we highly recommend possessing technical knowledge of how the Internet works. Some important concepts to learn include:
The US Computer Emergency Response Team (US CERT) is a great resource on learning about cyber defense. They release a lot of material on how to stay safe online and how many computer defenses work. Comodo also has a great resource on understanding many cyber threats and how cyber defense work. SAIC also has two videos on how to secure *nix and Windows Systems. Some concepts to be familiar with:
Learning Security Programs
There exist many security programs to look at and try. Below are some of our recommendations:
Though we have given you several resources to look at, this is not an exhaustive guide. The best thing you can do to educate yourself is to keep asking questions and figure out how things work. Feel free to look up resources on your own, and never underestimate Google. Also, if you feel you have a new or better link for us to post, feel free to send us a message.