[Osaka/Yokohama/Tokushima] Looking for infrastructure/server side engineers!

[Deployed by over 500 companies] AWS construction, operation, maintenance, and monitoring services

[Successor to CentOS] AlmaLinux OS server construction/migration service

[For WordPress only] Cloud server “Web Speed”

[Cheap] Website security automatic diagnosis “Quick Scanner”

[Reservation system development] EDISONE customization development service

[Registration of 100 URLs is 0 yen] Website monitoring service “Appmill”

[Compatible with over 200 countries] Global eSIM “Beyond SIM”

[If you are traveling, business trip, or stationed in China] Chinese SIM service “Choco SIM”

[Global exclusive service] Beyond's MSP in North America and China

[YouTube] Beyond official channel “Biyomaru Channel”

Participated in cyber range exercise

2017.07.19

Server construction/operation

This is Sashihara from the System Solutions Department.

The other day, on June 20th, I participated in a cyber range exercise held by Ni Cyber Security Co., Ltd.

I personally learned a lot, so I will give a brief summary.

What is Cyber Range?

Cyberbit Range -
A simulation training platform focused on how to respond to cyber attacks

It is a cyber warfare simulation platform developed for the Israeli Armed Forces and used by more than 15 organizations around the world, including the British, Swiss, and Singaporean governments.
The company has the world's top market share in flight simulators for fighter pilots, and utilizes its know-how to provide simulation education for practical cyber defense.
Quote: Cyber Range - Ni Cyber Security

Simply put

What should I do if I receive a cyber attack?

What should I do after receiving a cyber attack?

This is an exercise in which you can learn the contents in a practical manner.

Exercise content

We will respond to any incidents that occur during the exercise.

This includes determining priorities and response policies for the incident, and responding accordingly.

Basically, this is done in a team structure, but each person is divided into three roles.

The role is roughly as follows.

alert analyst

Monitor incidents and see when, where, and what happened.

incident responder

Actual response when an incident occurs.

commander

Manage and report incidents and the movements of each employee.

My first job was as an incident responder, which is what I usually do.

The second time I worked as an alert analyst.

Thoughts on the exercise

It was still difficult because they launched a full-scale attack.

I can decide to some extent how to respond, but since there are a lot of them, I ended up attacking another server while I was checking.

I realized how important it is to share information, as I saw members looking at the same server, and some members getting stranded for a long time.

I learned a lot because attacks like this can actually occur during operations.

Please try participating if you have a chance!

If you found this article helpful , please give it a like!

[2025.6.30 Amazon Linux 2 support ended] Amazon Linux server migration solution

[Osaka/Yokohama] Actively recruiting infrastructure engineers and server side engineers!

The person who wrote this article

About the author

Ryosuke Sashihara

I tried using Google Chrome's headless mode because it seemed like I could do detailed external monitoring [IDCF] A story about how I tweaked CloudStackAPI when building a jmeter execution environment for load testing.