GREYCORTEX is happy to announce that we, represented by Petr Chmelar, Chief Research Officer, successfully participated as a member of the Situational Awareness (Yellow) Team in the recent “Crossed Swords 2018” cyber defense training exercise, held in Latvia and organized by the NATO Cooperative Cyber Defense Centre of Excellence (CCDCOE) in cooperation with CERT.LV.
The sister event to the larger NATO CCDCOE “Locked Shields” cyber defense exercise (the largest and most complex live-fire cyber defense exercise in the world), “Crossed Swords” is focused on practicing skills required to carry out responsive tactical cyber operations. “The exercise aims to practice skills required to fill the role of the Red Team at cyber defence exercises and to offer the most cutting-edge and challenging training experience for national cyber defenders. It is evident that in order to defend ourselves better in cyberspace, we need to know how attacks are carried out,” explained Aare Reintam, Project Manager of Technical Exercises at the NATO CCDCOE. The “Crossed Swords 2018” event included a group of more than 80 cybersecurity professionals from 15 countries.
In this year’s exercise, the Red Team was tasked with conducting a full spectrum cyber operation in a fictional scenario, while the Blue Team actively defended their assets. The Yellow Team monitored Red Team activity from different sources of information, such as network tap and host-based log files, and provided a highly valuable near real-time feedback. As part of the exercise, GREYCORTEX contributed features to “Frankenstack,” a novel stack of tools built by NATO CCDCOE, Tallinn University of Technology, CERT.LV, and industry partners.
GREYCORTEX’s experience didn’t end with the end of the training exercise. Inspired by "Crossed Swords,” GREYCORTEX renamed its Malware Lab research team to the “Red Team,” but as Petr Chmelar noted, “We will always be Yellow Team-focused.”