MISA–Catalyst Cyber Range
Technical cyber range training tailored for municipal IT professionals
Overview
The MISA-Catalyst Cyber Range program brings together MISA’s insights on the challenges faced by municipalities with Rogers Cybersecure Catalyst’s expertise in cybersecurity training and its unique cyber range platform. The cyber range platform allows participants to react and respond to various cyber threats within an ultra-realistic environment – one that looks like your organization’s digital network architecture.
Municipal Information Systems Association, Ontario (MISA Ontario) is a non-profit organization that provides technology focused online resources, directories, and events targeted to municipalities of all sizes. Their objective is to foster an engaged and active community of municipal professionals, at all levels, to share information, experiences and promote municipal IT practices in order to provide better and more cost-effective services to municipal taxpayers and clients. We represent 200+ municipalities and organizations, representing 1400+ dedicated professionals working towards more effective government.
Program Streams
The program is offered via two streams – Beginner and Intermediate – each comprising two cyber range workshops led by an experienced cybersecurity trainer. Learners will be walked through key cybersecurity concepts, with discussion centered around the municipal context, while getting hands-on experience in the Catalyst Cyber Range. Participants will undergo a short preparatory session in advance of their cyber range experience.
The program costs $945 per seat, with a maximum of 20 participants per cohort. There is a 10% discount when signing up for both streams. Participants will be tested on their learnings and receive a certificate of completion at the conclusion of the program.
Programming has been developed jointly by MISA Ontario and the Catalyst to respond to the specific needs of municipal IT professionals. The Beginner stream is designed for municipal IT professionals who are new to cybersecurity, and will include two three-hour cyber range workshops (Cybersecurity Essentials A and B).
Workshops include: Cybersecurity Essentials A & Cybersecurity Essentials B
Dates: Tuesday, March 4 & Tuesday, March 11, 2025
Time: 1:00 PM – 4:00 PM
Location: Virtual via Zoom
Workshop Description
Participants will receive practical experience using vulnerability assessment tools. They will learn the basics of network analysis and investigate malicious network traffic in Wireshark.
Participants will also go through the scenario from a hacker point of view that involves vulnerability identification, system exploitation, credential collection, and maintaining access to compromised systems.
About Cybersecurity Essentials A
In this scenario participants will go through four modules relating to cybersecurity. They will start by learning about recon and exploitation using Kali Linux acting like a penetration tester. Then moving on to wireshark to do an investigation of digital evidence obtained during a cyber event. In module 3 a vulnerability assessment is done against a network infrastructure. Finally in module 4, participants will act like a hacker and attempt to exploit a web application using tools found on Kali Linux.
Skills developed: Recon and port scanning; Metasploit Framework basics; Hash cracking tools; Nessus and vulnerability assessment tools; Wireshark investigations; Web application tools
About Cybersecurity Essentials B
In this scenario participants will go through four modules relating to cybersecurity. They will start by using digital evidence obtained on a compromised server. The participant will use volatility to do some forensics on a memory dump. In module 2 the participant will act like a hacker running an exploit against Active Directory. Participants will then move on to escalating privileges with the domain and compromising new accounts. In module 4 the participant will receive multiple pieces of digital evidence and investigate an exfiltration of data trying to determine when and how it happened.
Skills developed: Wireshark analysis; Digital Forensics tools; Metasploit Framework tools; Wireshark filters; Log investigation
Programming has been developed jointly by MISA Ontario and the Catalyst to respond to the specific needs of municipal IT professionals. The Intermediate stream is designed for municipal IT professionals who have some knowledge of cybersecurity, and will focus on incident response. The stream consists of two three-hour cyber range workshops (Incident Response and Ransomware, and Incident Response: Identification & Containment).
Workshops include: Incident Response & Ransomware & Incident Response: Identification & Containment
Dates: Tuesday March 18 & Tuesday, March 25, 2025
Time: 1:00 pm – 4:00 pm
Location: Virtual via Zoom
Workshop Description
In these scenarios, participants will get to act like a hacker, breaking into multiple servers and/or domain controllers across a realistic network environment. They will get to create a phishing campaign, exploit multiple systems, as well as creating and deploying ransomware.
Participants will then identify these attacks from a Blue Team perspective using licensed enterprise grade tools such as Palo Alto, Fortigate, and Splunk.
The Intermediate Stream consists of two workshops: Incident Response & Ransomware and Incident Response: Identification & Containment.
About Incident Response & Ransomware
This scenario replicates an enterprise environment, with a LAN, DMZ and SOC.
The Red Team needs to find a vulnerability on the WordPress Server in the DMZ and then find a way to pivot from the DMZ to the LAN. The Blue team needs to monitor Palo Alto, DMZ server and Windows logs from their Splunk console in the SOC to discover alerts and IOCs. They should be able to detect the attackers’ attempt to gain control of the victim’s machine in the LAN via a reverse-shell. Finally, the red team escalates with a ransomware injection which the blue team must detect and respond to.
Skills developed: SIEM monitoring with Splunk; Firewall monitoring with Palo Alto; Exploit Frameworks such as Metasploit; Ransomware toolkits.
About Incident Response: Identification & Containment
In this scenario a medical clinic is compromised to gain access to secure records and exploit vital medical equipment. Participants will experience this cyber event from the viewpoint of the attacker, soc analyst and cybercrime investigators. Participants will use multiple attack methods including social engineering to gain access to multiple endpoints including medical devices. As security analysts they will work to identify the threats and contain them using multiple security defensive tools including SIEM and enterprise firewall.
Skills developed: SIEM Threat Hunting with Splunk; Firewall monitoring with Fortigate; Social Engineering Attack; Identification of attacks using Indicators of Compromise; Remote code Execution exploits.
MISA-Catalyst Cyber Range Virtual Open House
To learn more about both streams, please attend our free MISA-Catalyst Cyber Range Virtual Open House.
When: Wednesday, January 22nd, 1:00 – 1:30 PM
Where: Virtual (Zoom)
Not sure where to begin? Start here
Join us as we work to strengthen the cybersecurity of municipalities across Canada. Start by downloading our free Cybersecurity Incident Response Plan checklist. Connect with our team to learn more about customized training options for municipal organizations.