SANS Cyber Ranges focus on the practical application and assessment of hands-on cybersecurity training. The cyber range enables you and your team to apply the skills you’ve learned in a curated, isolated environment that gives you insight into what you are excelling at and what you need to focus on more. You walk away with real-world experience of how to handle situations, without the real-world risk associated with practicing on live production equipment and systems. Then, when you are back in the office, you are prepared for whatever threats come your way. And as new threats and exploits come up, you can trust SANS to provide you with the latest information, research and strategies to deal with them all.
- Competitive and gamified
- For individuals and teams
- Practice and assess skills
- Isolated environments
- Capture-the-flag ranges & real-world simulations
- Expert tactics, hints, and tips
- Reduced response times
- Cyber Ranges for all skill levels
- Always up to date and cutting edge
New NetWars Core Version 8!
Overview
SANS NetWars Core Version 8 is a new and exciting Cyber Range from SANS. Featuring AWS cloud content and more — it has fun story driven challenges to keep you engaged in learning and practicing your essential cybersecurity skills. We’ve also eliminated the need to download large VM files locally — 100% browser based challenges!
Story
A next-generation hacker, Trace R. Tee, was destined for great things until someone started messing with the timeline. Travel through time and assist a doctor in setting things right. Stop the bad actors, find out who’s behind the attacks on Trace, and become the new assistant the universe needs!
NetWars Continuous
Get the cybersecurity assessments and practice you need, at your convenience with NetWars Continuous.
- 24/7 Access for 4 months
- Comprehensive set of disciplines and focus areas
- Scenario based challenges
- and more!
NetWars is our premier Cyber Range, appropriate for all cybersecurity skill levels. NetWars poses a series of multifaceted, interactive and situational cybersecurity challenges. The challenges test a wide variety of disciplines and subject matter across 5 levels that increase in difficulty. These challenges may be completed individually or as a team. NetWars also features an automated hint system to help participants solve questions they may find particularly difficult. The available hints help participants develop new skills and ensure that every participant steadily progresses through the challenge.
- For individuals and teams up to 5, of all skill levels
- Custom virtual machine based challenges
- Scorecard of your or your team's performance upon completion
- Automated hint system; hints do not affect scores
- Real time score board of players/teams
All NetWars ranges contain 5 levels, progressively increasing in difficulty, for players to advance through as they achieve and master new skill sets. This structure allows all participants, from beginners to experts, to find a fit for themselves in our ranges.
Level 1
For people new to information security (infosec) who are building their skills from the ground up.
Level 2
For entry-level infosec professionals with solid capabilities, who are beginning to build skills in specialized areas.
Level 3
For mid-level infosec pros with years of industry experience already under their belts, who are above average in skills and disciplines.
Level 4
For senior-level infosec pros who have developed specialized skills in cyber and are leaders not only at their organizations but also in the industry at large.
Level 5
For the elite-level infosec pros, capable of tackling the most advanced scenarios and challenges.
NetWars Formats
Tournaments vs. Continuous
| NetWars Tournament | NetWars Continuous | |
|---|---|---|
| ✓ | | FUN COMPETITION - MOST CORRECT ANSWERS IN ALLOTTED TIME |
| | ✓ | MORE IN-DEPTH LEARNING ENVIRONMENT AND CHALLENGES |
| | ✓ | EXTENDED CONTENT BEYOND TOURNAMENT MATERIAL |
| | ✓ | 4 MONTHS OF UNLIMITED 24/7 ACCESS - ANYWHERE, ANYTIME |
| ✓ | ✓ | HINT SYSTEM FOR LEARNING OPPORTUNITIES WHEN STUCK |
| ✓ | ✓ | FOR INDIVIDUALS |
| ✓ | | FOR TEAMS |
| ✓ | | PRIZES FOR TOP SCORERS |
| ✓ | | IN-PERSON NETWORKING OPPORTUNITIES |
| ✓ | | TRAVEL REQUIRED (FOR IN-PERSON TOURNAMENTS) |
| ✓ | ✓ | PARTICIPATE AT HOME (LIVE ONLINE TOURNAMENTS & CONTINUOUS) |
| ✓ | ✓ | 12 CPE CREDITS |
Product Specifications
NetWars Core is an industry leading multi-disciplinary cyber range that covers a wide range of subject matter. It is the most comprehensive and diverse of the NetWars focus areas. NetWars Core is recommended for all infosec practitioners.
Example Topics in NetWars Core Tournament:
- Bash and PowerShell skills
- Windows and Linux memory forensics
- Web application challenges
- A “smart home” mobile application
- Vulnerable connected cameras
- Layer 2/DHCP attacks
- BloodHound for Active Directory analysis
- Kerberoasting as an Active Directory attack
- Injection attacks
- Windows exploitation
- Network traffic capture and analysis
- Command Line Kung Fu
- Penetration testing
- Advanced database hacking
- Common Management System vulnerability exploitation
- Reverse engineering and debugging
- Threat detection through log analysis
- Binary exploitation
- Windows and Linux privilege escalation
- Firewall fundamentals
- Cryptographic security and exploitation
- Fuzzing
- Advanced malware analysis
- Social engineering
- Intrusion detection
- WAF evasion
- Linux fundamentals
- Scanning/Enumeration
NEW TOPICS FOR NETWARS CORE V8:
- Linux and Windows basics
- DNS analysis
- Regular expressions
- Light and heavy web application testing (GraphQL included)
- Malware analysis on Windows with SysInternals
- Malware analysis on Linux with common Linux tools
- Exploit/shellcode development
- Network traffic analysis and manipulation with TCPDump, Wireshark, Tshark, Scapy, and Zeek
- Ngrok for reverse shell handling
- SOCKS proxy creation for pivoting
- Log4Shell exploitation of off-the-shelf (Apache Solr) and a custom application
- AWS credential abuse
- Kerberoasting in Windows Active Directory
- SMB fileshare exploration for sensitive information
Computer Requirements:
A modern web browser
Optional: Players may use their own systems and tools for certain challenges
NetWars Core Continuous is an extension of Core Tournament, meant solely for individuals, and covers an even wider range of subject matter for deeper skills assessment and practice. It is for all individual infosec practitioners and offers the convenience of 4 months of extended access, anywhere in the world.
Extended topics in NetWars Core Continuous include:
- PowerShell offense, defense, survival
- API Manipulation
- Hash extension exploitation & Cryptographic security controls
- Linux terminal
  - check file contents with head, tail, cat, less, and wc
  - check OS version with uname and lsb_release
  - verify basics with hostname and whoami
  - searching environment variables with env and grep
  - verifying user data with /etc/passwd
  - testing file access controls with su
  - elevated permissions with sudo
  - file analysis with strings
  - running process analysis with ps
  - stopping processes with kill
  - command history analysis with .bash_history and grep
  - inspecting insecure password storage with recursive grep
  - comparing files with diff
  - modifying file permissions with chmod
  - file integrity checking with md5sum
  - Base64 encoding/decoding with base64
  - output manipulation with sed, awk, rot13, sort, uniq, tr, and cut
  - binary analysis with xxd
  - task scheduling with cron
- PowerShell terminal
  - filesystem analysis
  - environment variable analysis
  - running process analysis
  - stopping processes
  - Base64 encoding/decoding
  - searching for files with given name/contents
  - file integrity checking
  - command history analysis
  - compressed file manipulation
  - loop operations
  - conditional operations
  - web requests
  - alternate data streams (ADS)
- Packet capture analysis
  - analysis with Wireshark
  - file extraction from stream with Wireshark
  - basic traffic filtering with Wireshark/Tshark display filters
  - advanced traffic filtering with Wireshark/Tshark display filters
  - malicious traffic identification
- HTTP(S) analysis
  - identifying vulnerabilities and flaws with Wireshark and Tshark
  - server-side JavaScript Injection (SSJS)
  - SQL Injection (SQLi)
  - Remote File Inclusion (RFI)
  - Insecure File Upload
  - Command Injection
  - HTTP requests with cURL
  - deobfuscating JavaScript with web browser developer tools
  - manipulating JavaScript objects with web browser developer tools
  - HTTP2 analysis
  - vulnerability scanning with Nikto and wpscan
  - cookie manipulation
- Network Analysis
  - raw connections with netcat
  - network connection status with netstat
  - port and version scanning with Nmap
  - secure file transmission with scp
  - dynamic proxies
  - malicious traffic matching with Snort
  - packet capture with Tcpdump
  - filtering traffic with Berkeley Packet Filters (BPF)
  - DNS querying with dig, nslookup, and nsupdate
  - network defense with iptables
  - packet dissection and crafting with Scapy
  - application fuzzing with boofuzz
  - SMB connections with smbclient
- Penetration testing (system, network, and web application)
  - password cracking with John the Ripper
  - password guessing with THC Hydra
  - password guessing with wfuzz
  - exploit research with online, open databases
  - exploitation with Metasploit
  - SQL database exploitation manually and with SQLMap
  - social engineering with the Social Engineering Toolkit (SET)
  - cookie stealing with cross-site scripting (XSS)
  - malware generation with msfvenom
  - LDAP injection
  - API manipulation
  - deserialization attacks
  - manual Windows vulnerability enumeration and exploitation
  - privilege escalation
- Scripting
  - Python scripting
  - Perl scripting
- Forensics
  - file forensics with Volatility
  - file extraction with Scalpel
  - Linux executable analysis with GDB
- Data analysis
  - database analysis with SQLite
  - regular expressions (regex)
  - metadata analysis with exiftool
  - PDF analysis with pdftotext
  - JSON manipulation with jq
  - QR code generation
- Cryptography
  - securing data with gpg
  - hash extension exploitation
Computer Requirements:
- Processor: 64-bit, x86, 2.0 GHz+
- Memory: 16GB*
- HD: 40GB+ Free
- Operating System: Windows 10 or later, Mac OS 10.15 or later, Linux
- Software for Range: VMware Virtualization

*8GB is possible with reduced performance
NetWars Cyber Defense is specifically focused on cyber defense and threat detection: prevent, defend against, and analyze increasingly complex, real-world attack scenarios against your enterprise, from simplistic brute-force attacks to ransomware campaigns.
Professionals who should consider taking NetWars Cyber Defense include experienced Security Administrators, Enterprise Defenders, Architects, Network Engineers, Incident Responders, Security Operations Specialists, Security Analysts, and Builders and Breakers.
Example topics in NetWars Cyber Defense Tournament include:
- Cyber Defense
- Threat Hunting
- Log Analysis
- Packet Analysis
- Cryptography
- Windows Administration
- Linux Administration
- Network Security Monitoring
- Continuous Security Monitoring
- Steganography
Computer Requirements:
- Processor: 64-bit, x86, 2.0 GHz+
- Memory: 16GB*
- HD: 40GB+ Free
- Operating System: Windows 10 or later, Mac OS 10.15 or later, Linux
- Software for Range: VMware Virtualization

*8GB is possible with reduced performance
NetWars DFIR is specifically focused on digital forensics, incident response, threat hunting, and malware analysis. It is tool-agnostic and ranges from low-level artifacts to high-level behavioral observations.
Professionals who should consider taking DFIR NetWars include experienced Digital Forensic Analysts, Forensic Examiners, Media Exploitation Examiners, Malware Analysts, Incident Responders, Threat Hunters, Security Operations Center (SOC) Analysts, Law Enforcement Officers, Federal Agents, Detectives, and Cyber Crime Investigators.
Example topics in NetWars DFIR Tournament include:
- Digital Forensics
- Incident Response
- Threat Hunting
- Malware Analysis
- SIFT Workstation (sans.org/tools/sift-workstation)
- Smartphone Forensics
- Windows Forensics
- MacOS and iOS Forensics
- Network Forensics
- Media Exploitation
- Artifact Analysis
- Rapid Triage
- Database Analysis
- Log analysis
- Malicious attacks
- Network traffic analysis
- Reverse engineering and debugging
- Intrusion detection
Computer Requirements:
- Processor: 64-bit, x86, 2.0 GHz+
- Memory: 16GB*
- HD: 200GB+ Free. Approximately 50GB download of evidence files and virtual machines.
- Interface: USB 3.0 | Type-A or dongle with Type-A
- Operating System: Windows 10 or later, Mac OS 10.15 or later, Linux
- Software for Range: VMware Virtualization. Participants are expected to either provide their own forensics tools, or use the local VMware VM tools that we provide.

*8GB is possible with reduced performance.
NetWars ICS is specifically focused on industrial control systems and operational technology. It employs a literal cookie factory to unite the ICS/OT factions over the one true sweet treat; nom nom cookies. End goal: get the factory machinery working correctly so you and your peers can be rewarded with fresh baked cookies. ICS NetWars will bring players onto the factory floor and expose them to physical equipment and manufacturing components as they work through the NetWars scenario.
Professionals who should consider taking ICS NetWars include experienced Process Control Engineers, ICS/OT cybersecurity practitioners working in operational facilities, and IT cybersecurity professionals supporting ICS environments.
Example topics in NetWars ICS Tournament include:
- Blue Team (Defender) actions
- Asset discovery and infrastructure mapping
- Identifying adversary actions
- Log and file analysis
- Endpoint forensics
- ICS-specific malware detection
- Engineering application use
- Process restoration
Computer Requirements:
- Processor: 64-bit, x86, 2.0 GHz+
- Memory: 16GB*
- HD: 40GB+ Free
- Operating System: Windows 10 or later, Mac OS 10.15 or later, Linux
- Software for Range: VMware Virtualization

*8GB is possible with reduced performance
NetWars GRID is similar to NetWars ICS in that it is focused on industrial control systems and operational technology. However, the NetWars GRID scenario is designed around the complex nature of distributed wide-area control systems found in critical infrastructure sectors like electric system operations. Utilizing a variety of real-world technologies found in electrical generation and distribution systems, the challenges are themed to the power system scenario, though the technology, protocols, architectures, and lessons learned are applicable across numerous critical infrastructure sectors beyond the electric sector.
Professionals who should consider taking GRID NetWars include experienced IT and OT cybersecurity professionals supporting SCADA communications and control, field technicians, instrumentation and control, ICS field or plant control systems, and control center OT support teams.
Example topics in NetWars GRID Tournament include:
- Adversary actions
- ICS Stage 1 and Stage 2 kill chain
- Spear phishing
- Command and control
- Credential theft
- Lateral and vertical movement
- Security configuration modification
- Process manipulation
- Situational awareness impacts
- Reliability effects
- System integrity impacts
- Blue Team (Defender) actions and Red Team (adversary) actions*
*Variations of NetWars GRID exist
Computer Requirements:
- Processor: 64-bit, x86, 2.0 GHz+
- Memory: 16GB*
- HD: 40GB+ Free
- Operating System: Windows 10 or later, Mac OS 10.15 or later, Linux
- Software for Range: VMware Virtualization

*8GB is possible with reduced performance
NetWars Mini is a text-based cyber range that is story-driven. It features rich storylines, hints, TAs and game servers similar to other NetWars ranges. However, NetWars Mini is browser based for easier access and deployment.
Example topics in NetWars Mini include:
- Linux command line tools and tricks
- Linux file system permissions and administration
- Command reference/main page treasure hunt
- JSON parsing with “jq”, including bash scripting and database loading
- Firmware analysis
- Reverse engineering/binary exploitation
- Packet captures and “tshark”
- OSINT/exposed Git exploitation
- MySQL analysis/exploitation
- Web app pen testing
- OSINT in social media, metadata, DNS records
- Bash script/menu exploitation
- Redis/PHP database exploitation
- COBOL analysis/programming
- HTTP request smuggling
Computer Requirements:
Internet Access and Chrome, Firefox, Safari, or Edge browsers.
NetWars Healthcare is based on the technologies and systems found in the medical field. It still features the rich storylines, hints, TAs and game servers as other NetWars ranges, but is browser-based for easier access and deployment.
Example topics in NetWars Healthcare include:
- Telemedicine and web app security
- EMR and incident analysis
- Medical device IoT security
- Ransomware analysis and decryption
- Hospital incident investigation with Windows domain event log analysis
Computer Requirements:
Internet Access and Chrome, Firefox, Safari, or Edge browsers.
All varieties of NetWars are PCTE compatible.
Persistent Cyber Training Environment (PCTE) is a training platform that supports Joint Cyberspace Operations Forces by providing individual sustainment training, team certification, mission rehearsal, and the foundation for collective training exercises. It leverages existing connectivity to facilitate the sharing of resources, and provides additional cyber “maneuver space.” PCTE enables realistic training with variable conditions to increase readiness and lethality of our Cyberspace Operations Forces, while standardizing, simplifying, and automating the training management process.
PCTE supports the United States Cyber Command (USCYBERCOM) by enabling a critical need for the DoD and Joint Cyberspace Operations Forces to train at the individual, team, and force level. PCTE is one of the five elements of the Joint Cyber Warfighting Architecture (JCWA), which provides a comprehensive, integrated cyberspace architecture to achieve and sustain the insight, agility, and lethality necessary for maintaining a competitive advantage against near-peer adversaries. PCTE will integrate and be interoperable with the other JCWA elements to enable teams to train and rehearse using the available JCWA operational tools and capabilities.
Bootup CTF is a capture-the-flag style cyber range consisting of over 125 multi-disciplinary cybersecurity challenges. It can be played solo or as a team. Bootup runs virtually online for 24-72 hours. Players can log in to participate or log out to take breaks at any time, multiple times, during the open session. Bootup CTF also features an automated hint system to help participants with supporting material and content related to the questions.
- Question and answer format
- Play on your time
- Modular
- Browser based
- A wide variety of topics
Bootup CTF is for individuals and teams of all levels. While the content is primarily beginner to intermediate, it provides an easy and convenient way to challenge yourself on the myriad of topics every cybersecurity professional faces daily. Because of the modular nature of Bootup CTF, you can engage and learn at your own pace, in contrast to the brain-crunching environment of other learning formats. And for the cherry on top, every Bootup CTF features prizes for the top scorers of the game.
Computer Requirements:
Internet Access and Chrome, Firefox, Safari, or Edge browsers.
Upcoming Cyber Ranges
Date | Event | In-Person | Ranges |
---|---|---|---|
May 11-12 | SANS London May 2023 | | Core NetWars |
May 18-19 | SANS Security West 2023 | ✓ | Core, Cyber Defense, and DFIR NetWars |
May 25-26 | SANS Amsterdam May 2023 Wk 1 | | Core NetWars |
June 1-2 | SANS Amsterdam May 2023 Wk 2 | | Core NetWars |
June 8-9 | SANS Rocky Mountain Summer 2023 | ✓ | Core NetWars |
June 15-16 | SANS Paris June 2023 | | DFIR NetWars |
June 21-22 | SANS ICS Europe 2023 | | GRID NetWars |
June 29-30 | SANS Munich 2023 | | Cyber Defence NetWars |
July 6-7 | SANS London July 2023 | ✓ | Cyber Defence NetWars |
July 13-14 | SANSFIRE 2023 | ✓ | Core NetWars, Cyber Defence, DFIR |
July 20-21 | SANS Pen Test Hackfest Europe 2023 | ✓ | Core NetWars |
August 8-9 | DFIR Summit | ✓ | DFIR |
August 10-11 | SANS London August 2023 | ✓ | Cyber Defence NetWars |
August 17-18 | SANS Chicago 2023 | ✓ | Core NetWars |
September 7-8 | SANS Cloud Security London 2023 | ✓ | Cyber Defence NetWars |
September 9-10 | SANS Network Security 2023 | ✓ | Core NetWars, DFIR, GRID |
September 14-15 | SANS APAC DFIR Summit & Japan 2023 | ✓ | DFIR NetWars |
October 12-13 | SANS London October 2023 | ✓ | Core NetWars |
November 2-3 | SANS Orlando Fall 2023 | ✓ | Core, DFIR NetWars |
November 9-10 | SANS London November 2023 | ✓ | Cyber Defence NetWars |