Cyber Resilience Workshop

Be the attacker and defender

Is your team prepared for the next supply chain attack or the next zero day? It's only a matter of time before your organization is compromised. You can protect your organization by becoming cyber resilient. Being cyber resilient allows organizations to identify, respond to, and quickly recover from an IT security incident.

Request an interactive bootcamp today

Cisco Security Engineering would like to invite you and your team to enroll in a free Cyber Security Operations training opportunity. No strings attached. This clinic is 90% hands-on lab. So, no death by PowerPoint.

To better fit your teams' individual schedules, we offer very flexible training sessions, from totally on your own to on-demand, personalized, hands-on bootcamp style.

Request a hands-on bootcamp for a group

Gain first-hand knowledge on cyber attack and defense concepts, including ransomware, phishing, hacking tools, breach detection, incident response, and the latest defense technologies.

Request a personal on-demand lab

You will be given remote access to your own individual lab environment running in Cisco dCloud. So, there is nothing you need to install on your machine.

What you will learn

Scenarios are designed as modules that can stand alone or flow as part of the user experience you want to create to explore the world of cyber protection.

  • How environments get compromised
  • How security breaches are detected
  • How to respond quickly and effectively

Zero: The Modern Security Threat

Module zero includes an overview from thought leaders on the threat landscape, what Talos is seeing, and where the security community needs to be.

1: Welcome to HackMD (required lab)

Learn to navigate through our cyber-resilience platform, and then understand the environment from the perspective of an incident responder and an attacker.

2: Targeted Reconnaissance

Understand why, how, and what tools adversaries leverage to find loopholes in our networks and exploit vulnerabilities to obtain a foothold.

3: Smash and Grab

Understanding how reconnaissance works lets you launch an attack and exploit the threat environment to detect and prevent new attacks.

4: The Ransomware Scenario

In this module, you'll learn how the adversary leverages social engineering, phishing, and fear tactics to infect a network with ransomware.

5: Insider Threats

Access the target network and use Metasploit to compromise systems. Detect and mitigate hostile behavior on your network using ISE and Cisco Secure Network Analytics.

6: Compromised Hosts

Access a network through a compromised VPN node. Detect and remove the compromised host from your network using ISE and a next-generation firewall.

7: Centralized Defense

This threat-hunting scenario uses two market leaders for security information and event management (SIEM): Splunk and IBM QRadar.

8: Security Automation and Response with SOAR

Learn how a SOAR can automate threat response tasks by integrating solutions like Cisco Firepower, Cisco ISE, and VirusTotal.

9: Web Defense and Resource Sustainability, Part 1

Attack web applications with XSS and SQL injection attacks, and then defend against them using Radware AppWall.

10: Web Defense and Resource Sustainability, Part 2

Hit HackMD's web services with a denial of service (DoS) attack. Pivot to defense with Radware DefensePro DDoS.

11: Defending Identities and Password Compromise

Launch phishing and social engineering attacks to gain access, and then use Duo and Splunk to defend yourself.

12: Monitoring for Threats and Performance

Monitor HackMD's data center for potential threats using Cisco Secure Workload.

13: Email Exploitation

Develop a phishing campaign and launch a targeted exploitation against HackMD. Use Cisco Secure Email to fight advanced phishing tools like Empire and Zphisher.

14: End–to–End Exploitation—Advanced Attack Lab

Deliver a dropper and RAT to gain internal access and kill the target. Then use AMP, Cisco Secure Network Analytics, Firepower, and Umbrella to identify and remediate the attack.

15: CRB Challenge

Perform a digital forensics and incident response (DFIR) investigation to understand the compromise.

Cisco cyber threat comics

To help understand why cyber attacks occur and demonstrate common attack scenarios, Cisco created a series of comic books. The technology and security concepts in these comics are real, and most are covered in Cyber Defense Clinic labs.

Read Volume 1 (PDF)

Meet Mr. Black and his team as they plan to exploit the vulnerabilities of the HackMDs hospital. The story line follows modules in the Cyber Defense Clinic. 

Read Volume 2 (PDF)

Mr. Black wants revenge against the CEO who fired him. Can the HackMDs SOC stop him from gaining access to healthcare equipment while the CEO is treated?   

Read Volume 3

Mr. Black tries to abuse HackMDs's mandatory work-from-home order. Can investments in secure access service edge (SASE) and DevOps save the hospital from a massive data breach?