BSG Takes Part in a SANS Grid NetWars Tournament


The National Security and Defense Council, together with the USAID Cybersecurity Activity and the State Service of Special Communication and Information Protection, is bringing SANS NetWars to Ukraine. Berezha Security Group will take part in the event.

SANS NetWars is the well-known ecosystem for cyber range exercises and cyber security tournaments that allows cyber security professionals to build and enhance professional skills. Grid NetWars Tournament is the flavor of SANS NetWars that exclusively focuses on cyber security of Operational Technology of critical infrastructure.

Grid NetWars is a suite of hands-on, interactive learning scenarios that enable Operational Technology security professionals to develop, test and master the real-world, in-depth skills they need to defend real-time systems. It is designed as a challenge competition and is split into separate levels to allow players to quickly move through earlier levels based on their expertise. The Grid NetWars experience has been themed for the electricity industry and the scenario has been previously used to support multiple electric sector exercises. Grid NetWars was designed to enable participation by players at all skill levels and from any sector (not just the electric sector).


It is the first time that the SANS NetWars tournament will be held in Ukraine. The format of the event will be hybrid, so virtually everyone can join. You will need a team of two to five people, and there is a complete list of required skills and equipment at the SANS NetWars website. But briefly, all you need to have is a modern PC, VMware Player, and the will to learn.

Laptop Requirements

– 64-bit system
– Internet access
– Latest VMware Player or admin privileges with the ability to install VMplayer and enable VT support in BIOS
– Ability to disable all security software on your laptop, including antivirus and/or firewalls
– At least 30 GB of free hard-drive space (50 GB recommended)
– At least 8 GB of RAM
– Download of Grid NetWars VM distribution will be provided to registered attendees.


Are you ready to accept the challenge? Then register via this link and get equipped to start on December 2, 2021. The virtual lab will be open between 08:30 and 18:30 Kyiv time. And there is a Facebook event, so you can add it to the calendar and not miss the start.

The SANS Grid NetWars challenge implements a set of practical scenarios. We are excited to try out our cyber defense skills and techniques against the tasks. To get a chance to win, the teams will have to go through a realistic electric grid infrastructure compromise scenario. They will start with detecting potential threats in the network, continue through the incident response and digital forensics investigation, and land on the remediation of identified threats and eradication of attacker presence in the infrastructure.


SANS arranges the Grid NetWars tournament challenges in four levels. Level 1 focuses on incident detection and response, so get your log parsing and malware analysis tools ready. On Level 2, as the next step in the investigation, the teams will download a virtual machine prepared by SANS to go through the endpoint compromise analysis.

Going further, in the Level 3 tasks, the teams will have to assess the impact the attackers caused on the power grid network as a whole. And on Level 4 the teams will focus on repairing the compromise and removing the access the attackers have gained in the power grid network.

Given SANS’s technical sophistication and educational proficiency, all the participants will benefit from merely taking part in the tournament. You have time until November 25 to register a team. We encourage all Ukrainian cybersecurity-centered firms, universities, and state services to delegate their teams to the tournament.

If you do not have a team to play with, apply as an individual player. The organizers will draw random teams off the pool of individual players after the registration is closed. So play, learn, and attempt to win – you are out of excuses not to.

OK, but why are we participating in the tournament given that BSG is a red-team focused cyber security firm? We excel at penetration testing, application security, infrastructure security assessments, social engineering, and other ways to simulate a potential attacker. However, it does not mean that we are entirely ignorant of the cyber defense discipline – quite the opposite.

Our experts have pretty diverse backgrounds in CIO, CISO, and Enterprise IT Architect positions. We were information security consultants, IT auditors, blue-team managers, and incident responders in our previous roles. We are proficient in cloud security, data security, threat hunting, and using and integrating various cybersecurity solutions in the enterprise.

We offer these skills to our clients when we see an opportunity because our ultimate goal is to help them with their risk management. We just do not broadly advertise these services in our main line of products.

It may all change next year as we plan to extend our service offering towards organizational cyber security. For instance, we are currently undergoing a thorough pre-assessment for becoming an eligible SOC2 audit service provider.

We observe that the Eastern European large and mid-sized IT service firms generate steady demand for such services. And there are just a few information security consulting companies in the region that could satisfy this demand.

Fortunately, BSG has the right combination of audit, financial, business, and cyber security skills to become such a firm. The distinctive experience of our experts and co-founders creates a unique opportunity for us to stand out from other companies. So why not give it a fair try and test our blue-team skills?

By the same logic, why not stand up to a challenge of cyber security defense and take part in SANS NetWars? We are already a leader in the red teaming services: why be afraid of trying something new? Who knows, maybe next year we will think about extending operations to digital forensics, incident response, and managed cyber security governance services.

We already planned to add DevSecOps consulting and managed Threat Modeling processes to our standard offering. So it looks like we are right on the line separating Red from Blue. Why then not take a step further and step over that line?

Also, we think that taking part in such an event makes a good point. Yes, we might be less prepared for the tournament than the teams who react to cyber attacks day after day. They have an advantage as Threat Intelligence and DFIR tasks are on their plate every day.

However, we simply cannot pass the opportunity as SANS deploys NetWars in Ukraine. For us, it is a historical event. And we, as long-term supporters of the Ukrainian cyber security professional community, have been waiting for this for a very long time.

So, this is a straightforward choice to make for us. And if you are a Ukrainian cyber security company, we encourage you to join the challenge. There is still time to register a team and take part in the competition. See you at the tournament, but until then – stay safe.

Vlad Styran

Vlad Styran is an internationally known cybersecurity professional with 15+ years of experience in Penetration Testing, Social Engineering, and Security Awareness. He currently holds OSCP, CISSP, and CISA credentials and was certified as C|EH, ISO27001LA, and many more throughout his career. He is a notable blogger, podcaster, and conference speaker. At BSG, Vlad is responsible for our growth and customer experience. His involvement allows us to deliver first-rate cybersecurity consulting services in software security, cybersecurity awareness, cybersecurity strategy, and security investment.
