Catalyst Municipal Cyber Range Program
The Catalyst Municipal Cyber Range program consists of two cyber range sessions led by an experienced cybersecurity trainer. Learners will be walked through key cybersecurity concepts, with discussion centered around the municipal context, while getting hands-on experience in the Catalyst Cyber Range.
Target Audience: This program is for municipal employees across Canada, including IT professionals and junior cyber professionals. We can accommodate a maximum of 20 participants.
Why Cyber Range
This hands-on environment provides a safe space for your team to build technical skills without the risk of a real threat. It enables you to:
- Think like an attacker to proactively identify weaknesses in your systems and strengthen your defenses.
- Gain practical experience using professional-grade tools to respond to and contain a cyberattack.
- Prepare for a real attack by practicing incident response in a realistic, risk-free setting.
Session Dates:
- Incident Response and Ransomware (IR&R)
  - Date: Wednesday May 6, 1:00 – 4:00 PM
  - See Scenario Description Below
- Incident Response: Identification and Containment (IR:IC)
  - Date: Tuesday May 12, 1:00 PM – 4:00 PM
  - See Scenario Description Below
Cost: Registration for both sessions is $945 + HST
Scenario Descriptions
This scenario replicates an enterprise environment with a LAN, a DMZ and a SOC. The Red Team needs to find a vulnerability on the WordPress server in the DMZ and then find a way to pivot from the DMZ to the LAN. The Blue Team needs to monitor Palo Alto, DMZ server and Windows logs from their Splunk console in the SOC to discover alerts and IOCs. They should be able to detect the attackers' attempt to gain control of the victim's machine in the LAN via a reverse shell. Finally, the Red Team escalates with a ransomware injection, which the Blue Team must detect and respond to.
A medical clinic is compromised to gain access to secure records and exploit vital medical equipment. Participants will experience this cyber event from the viewpoints of the attacker, the SOC analyst and the victims. Participants will use multiple attack methods, including social engineering, to gain access to multiple endpoints, including medical devices. As security analysts, they will work to identify the threats and contain them using multiple defensive security tools, including a Security Information and Event Management (SIEM) system and an enterprise firewall.