International

CyberEx 202

#CyberEx23

International CyberEx 2021

 1 OBJECTIVE

CONTENTS 2 PARTICIPATION
REQUIREMENTS
INTERNATIONAL 2.1 Teams
2.2 Registration

CYBEREX 2023 2.3 Technical Requirements

2.4 Rules

3 NEXT STEPS
3.1 Registration
3.2 Selection of Participants
4 Máx. 3.3 Delivery of Access Credentials
3.4 Test Session, Information About The Test
and Questions.

4 Máx.
3.5 Execution of the Cyber Exercise
3.6 Closing Session

4 RESOURCES
4.1 Cyber Exercise Website

4.2 CTF Exercise Platform

4.3 Technical Support and Resolution

of Incidents
4.4 Awards

International CyberEx 2023

1 OBJECTIVE
The purpose of the International CyberEx is to carry out a cyber exercise among THE CYBER
EXERCISE WILL
the Member States of the Organization of American States (OAS) and countries
invited by the National Institute of Cybersecurity of Spain (INCIBE) in order to
strengthen the ability to respond to cyber incidents, as well as to improve
collaboration and cooperation in these types of incidents. The exercise
focuses directly on technical security profiles with strong knowledge in the
TAKE PLACE IN
fieldof Information and Communication Technologies (ICT).
FORM OF CTF
The cyber exercise will take place in form of a CTF (Capture the Flag) in small
teams. This format is based on a model of cyber security competition and is (CAPTURE THE FLAG)
designed to serve as a training exercise that allows participants to gain
experience in tracking an intrusion, as well as to improve reaction capacities to
cyber attacks analogous to those that happen in the real world. There are two
IN SMALL TEAMS
main styles for the CTF: attack/defense and jeopardy. The latter is suitable for
expanding technical capabilities.

Jeopardy-style competitions are usually composed of several categories of

3
problems, each containing a variety of questions of differentvalues. Teams Mín.
compete in an 8-hour session to be the first to solve the greatest number of
challenges, but do not directly attack each other Mín.

The countries that may participate are the OAS Member States as well as the
countries of the CSIRTs invited by INCIBE. Each country may have 1 or more
representative teams which shall include professionals from various fields and
reinforce collaboration between institutions. The final selection of teams will be
made by INCIBE and the Cybersecurity Program of the OAS

The language used during the cyber exercise will be English.

International CyberEx 2023

 PARTICIPATION
2 REQUIREMENTS
Each country may have one or more representative teams th at must meet the
following requirements.

2.1. TEAMS Teams may consist of:

Experts from the public

CSIRTs or private sector,

military, academia,
and civil society
Cyber Security
Incident Response
Teams (CSIRTs)

Each team can count with a maximum of 4 members and a minimum of 3 members
according to the following distribution:
1 captain who will act as coordinator of the team and will be the sole point of
contact with the organizers.
From 2 to 3 team mates who will support the captain to solve the different
challenges. The profile of the team members should be that of a technician with
experience and knowledge in ICT security in at least one or more of the following
fields:

» Knowledge in ICT security especially in the management of incidents in information security

» Experience in managing security incidents and electronic fraud.
» Experience in analysis of compromised systems, SPAM, systems and security networks.
» Experience in malware analysis, both static and dynamic, and use of process automation tools such as
behavior analysis, running analysis, etc.
» Experience in computer forensics. Experience in the use of tools that support the process of gathering and
analyzing information.
» Experience in security audits: Methodologies, tools and technical experience in security audits or pentesting.
» Experience in administration and bastion of operating systems.
» Experience in network management and communications hardware, racks and applications and support
services to security equipment.

International CyberEx 2023

 PARTICIPATION
2 REQUIREMENTS
2.2. REGISTRATION 2.4. RULES
In order to be elegible for participation in the
The following rules must be met by participants given that violating this code of
cyber exercise, the team of each country must
conduct will disqualify the entire team and lead to exclusion of the competition:
register at the online form:
https://www.surveymonkey.com/r/CYBEREX2023
1 Participants must behave in a
professional manner at all
2 Participants will not manipulate
or attempt to modify any element
times. of the platform, including the rating
2.3. TECHNICAL REQUIREMENTS system and the administration panel.

The participating team is required to have at least the 3 Denial of Service attacks are
not permited. 4
Brute force attacks are not allowed,
unless specifically requested
following resources:
allowed. otherwise.
Client server:
5
Offensive actions to attack or
Desktop PC or laptop.
Do not restart, shut down or
disable services or functions of
6 interfere with the systems of other
Browsers supported: Chrome (preferred) or Firefox target systems. participants are not allowed.
(both in the latest versions).
Participants will not attempt
7 to deceive or collaborate with 8 Participants must compete without
Internet connection with sufficient band width help from people outside the
participants of other teams.
per user: competition.

Minimum: 1 Mbps download and 100kbps upload It is not allowed to publish Only the ranking of the 10
Recommended: 3 Mbps download and 1Mbps 9 information about the competition, 10 best teams will be announced.
how to solve the objectives or the The rest of the positions will be
upload
flagsof the same, without written anonymous.
Although not mandatory, it is recommended consent from INCIBE.
that each participant has access to an
additional machine (virtual or physical) that
has a distribution Kali Linux or similar.

International CyberEx 2023

3 NEXT STEPS
The cyber exercise will consist of several phases with the following milestones and dates.

3.1. REGISTRATION 3.4. TEST SESSION,

In order to participate in the cyber exercise, the captain of
each team must register it through the online form at the
INFORMATION ABOUT THE
following web address: EXERCISE AND DOUBTS
https://www.surveymonkey.com/r/CYBEREX2023.
Once the captains of the selected teams have been
The online form will be available from May 15, 2023 to notified, a test of connectivity to the platform and
June 9, 2023 at 16:00 (UTC). credentials will be carried out, as well as an informative
session with all the participants in which an introduction
3.2. SELECTION OF to the use of the platform will be given. After the
explanation, any doubts and questions raised by the
PARTICIPANTS captains will be answered.
This session will take place by videoconference and
Once the registration phase is closed, the organizers of online chat on June 28, 2023 at 14:00 (UTC) with an
the cyber-exercise will contact the captains of the estimated duration of 1 hour
selected teams via email to notify them if they have been
selected to participate.
3.5. EXECUTION OF THE
Given that the maximum number of teams in the
cyberexercise is limited, the OAS and INCIBE will make a
CYBER EXERCISE
selection of participants among all registered teams For the execution of the cyber-exercise, all participants
based on criteria to be defined between both must connect to the platform. The captains must also use
organizations, among which may take into account the videoconferencing and chat to be informed, at the
participation of as many countries as possible, and the beginning, of the starting situation and to be able to
prioritization of national reference CSIRT teams. contact the organizers during the execution.
The notification by email will be made on June 19, 2023. The date of the exercise will be July 11, 2023 from 14:00
(UTC) to 22:00 (UTC), with an estimated duration of 8
hours.
3.3. DELIVERY OF ACCESS
CREDENTIALS 3.5. CLOSING SESSION
Prior to the test session, the organizers will contact each Once the execution has been completed, a
participant via email to deliver the credentials to access videoconference session will be established with all the
the platform. participants in which the results of the cyberexercise will
The credentials will be delivered by email on June 22, be reported. The closing session will take place on July
2023. 11, 2023 at 22:00 (UTC).

International CyberEx 2023

4 RESOURCES
The cyber exercise is developed on the basis of challenges in the CTF
(Capture the Flag) jeopardy format and will include the following resources.

4.1. CYBER EXERCISE WEBSITE use of an exploit that disables a system). This shared
environment is reserved at a given point in order to avoid
The technical team will pay particular attention
during the execution of the exercise to perform
The cyber exercise website overlapping and allows for stability and adaptability to support tasks and deal with incidents.
https://www.incibe.es/en/events/international-cyberex develop the challenges.
will be the reference point for the participating teams and will In case of technical problems that prevent the
contain at least the following information: Once the user connects to the environment, she/he: normal accomplishment of the competition, the
Receives information on the challenges. organization reserves the right to apply the
Public: necessary measures that allow to continue the
Receives information about the flags to be captured.
Explanatory summary of the cyber exercise and simple execution of exercise.
Sends the captured flags to be validated.
instructions for the execution.
Accesses the system of hints. Only the team captain can
Technical requirements for participation.
Frequently asked questions (FAQ).
request hints 4.4. AWARDS
Has all general information, as well as access to a help
Calendars with the key dates of the cyber exercise. Teams that rank at the top of the cyber-exercise will
section.
Online registration form. be eligible for a number of rewards, which will be
Will know her/his progress in the game as well as the
Private: relative position compared to other participants reported during the execution of the cyber-exercise
User manual of the platform. and during the closing session of the cyber-exercise.
Access to the platform to solve the challenges. To inquire about these rewards after the end of the
A good coordination between team members and their exercise, please contact the organization at the
4.2. CTF EXERCISE
captain is a fundamental part of the cyber exercise, and following address: cybersecurity@oas.org
should be strengthened. INCIBE reserves the right to limit
PLATFORM the access to the platform only to certain users (for
example, only to captains), or to modify the flow of the
exercise during the execution of the same if the
INCIBE will provide the exercise platform and the necessary
circumstances require it. Participants should be prepared
infrastructure for the execution of the challenges, the game
for such events.
system and scoring. The backend of the platform includes a
provisioning system to create the virtual infrastructure
according to the scenario. It further includes a monitoring
system which verifies that virtual networks, systems and “flags” 4.3. TECHNICAL SUPPORT
(target systems, services or processes, files, etc.) are available
and functioning correctly. The platform includes access and AND RESOLUTION OF
account control functions, logging, security controls,
manageability and performance of the infrastructure, etc.
INCIDENCES
In addition, it allows to start several copies of the same scenario, The technical team of the organizers will be in charge of
climbing horizontally. Load management and balancing allow for offering the necessary support in all phases of the cyber
adjustment of performance and mitigation if the scenario is exercise, from the presentation of the initiative up to the
damaged as a result of players’ actions (for example: improper closing session.

International CyberEx 2023

International
CyberEx 202

#CyberEx23

International CyberEx 2021