25,000 spectators, 6,000 solo participants and 138 teams in cyber exercises – how CyberCamp 2024 went

A few days ago, we held the main online camp on practical cybersecurity for the third time – CyberCamp 2024. It took place from October 3 to October 5 online. Over the course of three days, more than 6,000 solo participants completed tasks on the event platform and 138 teams competed in cyber exercises.

Subject CyberCamp 2024 – attack chain, Cyber ​​Kill Chain, so at the same time, participants listened to reports from information security specialists on how to build effective protection against cyber attacks. Every day, 25,000 viewers tuned in to the live broadcast of the event.

We tell you how the largest cyber exercises in Russia took place.

16 mission scenarios and 50+ people in the headquarters. Behind the scenes of cyber exercises

A total of 16 scenarios for team cyber exercises were developed in corporate and student leagues. Jet Infosystems, Security Code, IT Bastion, R-Vision, Axel PRO, and the Standoff team took part in their development.

“Every year we try to use new mechanics and non-standard tools: this year we paid a lot of attention to analyzing malware using various methods. It was necessary to work directly with malware files and collect additional information about them in analytical databases. In addition, there were very voluminous tasks, such as the scenario with PT NAD “NADA Points”, where the number of flags was close to forty. Despite the increased complexity of the scenario, both corporate and student teams showed unexpectedly high results in it, collecting most of the attack artifacts,” says Dmitry Kazmirchuk, head of the cyber exercise service group at the Jet Infosystems Information Security Center.

“The tasks were created based on attacks that we encountered during investigations and were also tested in the laboratory as part of the Detection Engineering process,” adds Pavel Ivanov, leading analyst of the cyber research group Jet CSIRT “Jet Infosystems.”

Over three days, participants in team cyber exercises were asked to study all aspects of the killchain: predict, emulate, detect, prevent attacks at each stage of the “kill chain” and stop hackers.

On the first day, participants in the cyber exercise dealt with data substitution, tried to increase privileges within the system, investigated suspicious activity in unusual infrastructure, etc. On the second day, they demonstrated the ability to analyze malware, investigated a complicated chain of events, exploited host vulnerabilities, etc. And on the final day, On the third day, we analyzed the incident in the process control system and demonstrated the ability to work with SOAR solutions and intrusion detection and prevention systems.

During a cyber exercise CyberCamp 2024 there was a special headquarters where more than 50 specialists monitored the correct operation of the platform non-stop, helped teams when technical difficulties arose, were responsible for the stream for viewers, etc.

“We were preparing a huge infrastructure, which consisted of workstations, servers and security equipment. In total, more than two and a half thousand virtual machines were used. And we supported all this for three days,” says Olga Eliseeva, head of the Jet CyberCamp service and head of the technical directorate of Jet Infosystems.

We went with the desire to win.” Who won the cyber exercise CyberCamp 2024

The largest cyber exercise in Russia, which took place for the third time, brought together 138 teams: 92 teams competed in the corporate league, 46 in the student league. In total this is more than 600 people. They were selected from 2,000 applicants – to participate in cyber exercises CyberCamp 2024 465 teams competed.

All participants were divided into three factions – Blue (monitoring and investigation team), Red (offensive security team), Yellow Team (team of architects and methodologists). The Red Team won the faction competition, and the following teams scored the most points in the cyber exercise.

Corporate League

First place: DeepPurple – 2850.81 points

Second place: akPots_team — 2794.76 points

Third place: CheemSquad – 2719.45 points

“We went with the desire to win, since second place last year showed that we can do better. To do this, we carefully selected the team and balanced the “red” and “blue”. The event itself went well, the tasks were varied and interesting. We got used to getting up at 8 in the morning and going to bed at 2 in the morning, since the main work did not go away,” says Philip Kuznetsov from the DeepPurple team.

Student League

First place: EXE1sior (Far Eastern Federal University) – 2459.77 points

Second place: KOTN (Pacific State University) – 2419.35 points

Third place: Ransom_abcd (Tyumen State University) – 2349.31 points

“The tasks are cool, we really liked them. I was especially pleased with Sokoban. In general, this is the first such experience for us, but we were able to win,” says Artyom Pryakhin from the EXE1sior team.

The best participants in the corporate league received 300,000, 200,000 and 100,000 rubles, and the student league received 100,000, 70,000 and 50,000 rubles. In addition, the top 6 teams of the student league (EXE1sior, KOTN, Ransom_abcd, IBEEE, MagicCrew, TTPI) reached the finals of the International Cybersecurity Games – they will take part in the Standoff cyber battle. This is the first time CyberCamp participants have been given this opportunity.

“Our viewers were scratching their fingers to get to the last level.” About interactive experiences for viewers

In parallel with team cyber exercises, interactive exercises were held for solo participants: more than 30 tasks were developed for them.

In preparing interactive sessions for individual participants CyberCamp 2024 this year the speakers participated for the first time. Viewers, for example, were invited to deal with the attackers together with Pavel Ivanov from Jet Infosystem, answer questions about encryption programs from Oleg Skulkin from BI.ZONE, and investigate the incident together with Lada Antipova from Angara Security, study a malicious domain with Vitaly Evsikov from Inseca, answer questions about detection rules with Diana Kozhushok from R-Vision, study audit logs with Anastasia Petrova from Biocad, answer questions about DDoS attacks with Curator, investigate an attack together with Vladislav Azersky and Ivan Gruzd from FACCT, etc.

The speakers themselves also took part in interactive sessions after the reports — they took quizzes, guessed images generated by the neural network and answered questions from viewers live.

There were also entertaining tasks for spectators on the platform. One of them is to complete the game Cyber ​​Kill Snake.

“Every year for the event we develop a game that our spectators could play and have a great time. In 2024, we came up with Cyber ​​Kill Snake. Players had to guide the snake through all the traps, collect the Kill Chain and carry out the attack. The game turned out to be very dynamic – our viewers were rubbing their fingers to get to the last level,” says Alexander Morkovchin, head of the development department of the consulting department of the information security center at Jet Infosystems.

“This was my first experience.” CyberCamp 2024 as a platform for debuts

Total broadcast CyberCamp 2024 There were 25 presentations from representatives of Jet Infosystems, BI.ZONE, FACCT, Positive Technologies, R-Vision, Kaspersky Lab, Security Code, etc. For three days, speakers told how to build effective protection against cyber attacks and increase cyber resilience .

CyberCamp 2024 became the debut platform for many speakers. Thus, Axel PRO information security architect Vyacheslav Belyankin, who deployed the infrastructure for the first CyberCamp, made a presentation for the first time at CyberCamp 2024.

“The preparation process was as simple and clear as possible. I formulated the topic, submitted it to the organizers for consideration, prepared a report, passed the review, and spoke. The time frame for preparing the report is reasonable, the support is great, I hope to speak next year,” says Vyacheslav.

Boris Nesterov, a member of the winning team of the CyberCamp 2023 corporate league, who last year spoke for CyberNoobs, also made his debut as a speaker at the online camp. Today Boris is a cybersecurity threat research analyst at R-Vision, CyberCamp 2024 he presented the report “Pumping up the monitoring subsystem: detecting attacks using solutions based on eBPF.”

“It’s much harder to act as a speaker. This is my first experience. I was especially worried when I answered the presenter’s questions after the report – some of them were very unexpected. I will continue the practice of public speaking,” concludes Boris.

Boris’s colleague Diana Kozhushok, head of the R-Vision cybersecurity threat analysis and identification group, also spoke for the first time.

“This is my first experience of participating in such a large-scale event, and, of course, I was worried, but I managed to cope with the excitement and correctly convey the material,” says Diana.

“It is important to prepare in advance the abstracts and key statements that you will use during the report,” advised future speakers Ivan Gruzd, an incident response and digital forensics specialist at FACCT, who also made his presentation debut at CyberCamp 2024.

Not just tasks. Lamp evening broadcast and anime series

In addition to the main presentations, for the first time at CyberCamp an evening broadcast was launched, where representatives of the Blue Team (Pavel Ivanov, leading analyst of the cyber research group Jet CSIRT “Jet Infosystems”), Red Team (Georgy Starostin, CISO of SOGAZ JSC), Yellow Team (Anton Gavrilov, product manager Axel PRO) discussed cyber exercises and the successes of the teams, and also played board games and just had a hearty chat. Elena Ageeva, leading information security consultant at Jet Infosystems and host of CyberCamp MeetUp, was in charge of the airwaves.

“We wanted the audience to relax after completing the tasks and spend a wonderful Friday evening in our cheerful company. We managed to recreate a homely atmosphere – at times it seemed as if we were visiting someone. It was “warm and safe.” What I liked most was the game of the weakest link: despite the guys’ concerns about the difficulty level of the questions, they all did a great job. I even had to apply the speed factor so that someone would still make a mistake,” says Elena.

Also for the entertainment part CyberCamp 2024 answered the heroes of the CyberCamp anime series “The Hero’s Path. Continuation” – this year they are back with new exciting adventures. Together with the participants of the online camp, the characters dismantled the killchain of a large-scale cyber attack that hit the Chain of Victory game and now threatens the entire city.

“I am very inspired by the anime series CyberCamp. On the one hand, it is reminiscent of well-known stories where technology plays a key role, such as those used in “Black Mirror” and “Mr. Robot”, on the other hand, it refers to the work of information security specialists who similarly investigate a chain of investigations,” says Anastasia Petrova, CISO Biocad.

“I’m really looking forward to the development of the cartoon and I hope that by the next CyberCamp a full season of the anime will be released, consisting of eight episodes,” adds Alexander Terekhov, process automation manager at Jet Infosystems.

Anime series “The Hero's Path. Continuation” is available on the Jet Infosystems social networks at Rutube and in VK. Recordings of the reports will soon be published there. See you next year!