Cyber Defence Exercises /

Crossed Swords Exercise


30 Jan-2 Feb 2018

An on-site exercise oriented at penetration testers working as a single united team, accomplishing the laid out mission goals and technical challenges in a virtualized cyber environment. The main focus is tactical stealthy execution skill development in a responsive cyber defense scenario.

Technical cyber defence exercises typically are aimed at exercising information system defence personnel capabilities (i.e. Blue Teams) at the same time having a real time opposing force played by security specialists and penetration testers (i.e. Red Team). To advance the readiness and sophistication of the Red Team members and their ability to deliver increased performance, a dedicated training is required


Training audience

Sponsoring and partner nation governmental, national institutions, CERT teams, industry, and NATO NCIRC representatives.

Participants are expected to have principal skills and expertise in network- and client side based attacks, penetration testing and exploitation. Preferable previous participation experience in technical cyber defence exercises. Red teaming experience will be considered as an advantage.

Training objectives:

  • practice evidence gathering and information analysis for technical attribution
  • execute responsive cyber defence scenario for target information system infiltration. Identify the origins of malicious activities and stop them.
  • employment of stealthy execution and attack approaches. Evaluate special execution tactics applicability for fast paced operations
  • exercise working as a united team in achieving the laid out mission objectives (attribution evidence gathering and malicious service takedown)
  • develop red teaming skills needed for target information system takeover (client side targeting, web based attacks, malware and system exploitation, network and service based attacks). Train RT tool usage, information exchange and situational awareness provision

Scope of technical challenges

The goal of the overall team is to follow scenario and choose the further action paths in order to gain initial access, and further escalate it to reach the overall mission goals and training objectives. Each sub team (e.g., network, client-side, web/database, and exploit development) is allocated to a specific area of expertise and is being supervised by assigned members from the Centre or supporting entities.

Additional information available from events-at-ccdcoe-.-org.