Last Saturday, we hosted our totally re-imagined CMD+CTRL Cloud Cyber Range at DEF CON 28 “Safe Mode”. Security Innovation has been participating in the Contests and Events at DEF CON for years. Still, this year was unique for two huge reasons: it was totally remote, and we debuted our first ever Cloud Infrastructure Cyber Range.

Luckily, we’ve been hosting fully remote events for our CMD+CTRL customers for quite some time, especially recently! We’ve helped our customers re-imagine their training programs as virtual and delivered dozens of successful events, just in 2020. This was a little different because everything was coordinated over discord and twitch. However, the DEF CON contest and event organizers were absolute pros, and the event was perfect.

It was exciting to give DEF CON attendees an exclusive sneak peek of our Cloud Cyber Range. This range departs from our other ranges in a number of ways. Of course, being focused on common cloud vulnerabilities such as infrastructure issues and cloud misconfigurations is a huge difference. Players are also guided through the day using our new chatbot platform. During the event, multiple hacking personalities are introduced, giving players different missions and hints. This platform adds a layer of realism through a deep storyline and fun as players exfiltrate data, manipulate firewalls, and steal credentials. If the players get stuck, they can work on different challenges given by one of the other “hackers” or wait for hints they may provide. Additionally, every vulnerability is linked to the MITRE ATT&CK framework, so players can refer back to that to discover new avenues of attack.

We opened the event to the first 200 registrants, and we were happily surprised that the ranks were filled within hours. Every player has their own vulnerable AWS cloud infrastructure to play with. Due to the range’s complexity and realism, each player uses and interacts with 60 different servers and AWS services. So, in the 30 minutes before the event started, we launched 12,000 fully connected AWS servers and services!

Want to check out our new Cloud Infrastructure CMD+CTRL Cyber Range? Here's a sneak peek!

Congratulations to the top 10 players! There were some names and handles that I recognized from past events, but we also had a lot of new names on our list. I love that our platform is exciting and inviting for players of all backgrounds and abilities.

defcon28scoreboard

We got great feedback from the players as well. We love doing these free events to help demonstrate the value of the platform.

  • Cool new type of range! Definitely a unique addition to the overall portfolio.
  • This is the coolest CTF I’ve done. The chatbots were a nice touch.
  • Man I can’t get over how awesome that CTF was.
  • SI team, just wanted to congratulate you again on the BEST webapp-hacking platform out there.
  • Really fun the whole way through. Loved the chatbots giving hints and actual credentials that granted access being the flags. Great mix of web app, sys admin, and infra sec problems.

This year’s DEF CON certainly presented new challenges for all of the participants, contests, and events. We’re excited to continue helping the security community as a whole and one of the best security conferences out there with the CMD+CTRL platform. If you have a team that needs to learn about common cloud vulnerabilities and misconfigurations on a fun and interactive cybersecurity platform, please get in touch!