What are Cyber Defense Exercises?

Cyber defense exercises (CDXs) are hands-on information assurance exercises used in the UMBC computer science undergraduate and graduate curricula. Each exercise is organized in a flexible fashion to facilitate varied use for different courses, levels, and available time. During each exercise, students engage in structured activities using a virtual machine that is run in a lab or on a laptop from a mobile cart that can be rolled into any classroom. The virtual machines are configured to permit a student to make mistakes safely while acting as the system administrator, without adversely affecting any other users or systems.

The CDXs currently available are:

• Passwords
• Buffer Overflow Defense

CDXs for your Class

All materials needed to run and set up the exercises are available on this website. The cyber defense lab will run these exercises for faculty at UMBC given enough notice and provided we are available on the requested date. If you would like to run the exercises yourself, or are from a different university, you may contact Richard Carback (carback1 at umbc dot edu) for the images. It is also possible to build them for yourself. Feedback is welcome.

Requests and Current Development

You may send requests to Richard Carback. The following exercise topics are slated for future work:

• Intrusion Detection
• Vulnerability Scanning
• Wireless Network Security
• XSS - Cross Site Scripting
• SQL Injection
• Denial of Service Attacks
• Information Leakage (i.e. storing passwds in memory)
• Priveledge Escalation
• Command Injection
• Unvalidated Input
• Network Protection
• Hidden Functionality ("magic" URLS and forms)
• Social Engineering (Phishing/Malware and other fun)
• The Value of Error Handling