KC7: Cyber Defender Game
Introduction: Learn to Catch the Hacker!
Welcome new Cyber Defenders!
Threat intel is for everyone. Learn cybersecurity using real threat data. KC7 is a game that teaches you real-world cybersecurity skills.
KC7 simulates an intrusion by multiple cyber threat actors against a fictitious company. Working through it with realistic data teaches you to identify adversary activity across all seven phases of the Cyber Kill Chain.
By the end of your first day on the job, you should be able to:
- Use Kusto Query Language (KQL) to manipulate data in Azure Data Explorer (ADX)
- Use multiple data sets to answer targeted questions
- Find cyber activity in logs, including email, web traffic, and server logs
- Use multiple techniques to track the activity of APTs (Advanced Persistent Threats)
- Use third-party data sets to discover things about your attackers
- Build a threat intelligence report
- Make recommendations on what actions a company can take to protect itself
If you are a trainer, please start with the block T3: Train-the-Trainer Intro before going through the workshop. If you are a student, please continue on to Activity 1: Login & Setup of the Cyber Environment.
Please do not use the Firefox browser for this workshop.
Note that KQL, much like every other coding language, is case-sensitive, so keep that in mind when working in Azure Data Explorer (ADX). However, the Cyber Defender Game Scoreboard is NOT case-sensitive.
Table of Contents
- Activity 1: Login & Setup of the Cyber Environment
- Tutorial 1: Intro to Threat Intelligence
- Tutorial 2: New Employee Orientation
- Activity 3: Kusto Query Language 101
- Activity 3.5: KQL 101 Answers Explained
- Activity 4.5: Catch the Hacker Answers Explained
- Bonus 2: Truth or Misinformation?
- T3: Choosing the Right Event Style
- T3: Event Schedule & Logistics