The DASWebs Inc. environment is the oldest of our environments. It is the environment most Operate & Maintain challenges occur in and has served admirably for the past eight years. However, we consider the NICE Challenges to be living content, which should be updated and improved over time to stay within the bounds of realism. While we believe we have accomplished this thus far, the challenges in the DASWebs Inc. environment are starting to be held back by their aging environment.
Thus, during the first week of January 2022, we will be releasing a refreshed and updated DASWebs Inc. environment! The refreshed environment has had all its operating systems upgraded to newer versions, new services and software installed (e.g., OpenMediaVault, osTicket, MediaWiki, Docker, etc.), and a fresh coat of paint applied to the DASWebs business website. Please find below a preview of the refreshed network map.
The NICE Challenges and environments are closely linked. Due to this, when we do a major environment refresh, we must convert every challenge linked to that environment (80 challenges in this case) to work in the new environment. Depending on the changes to the environment and the nature of the challenge, the conversion process can lead to challenges receiving minor alterations to significant reworks. We also updated some challenges to improve their functionality, reliability, and user experience during the challenge conversion process.
To help our Curators (educators) understand how much any challenge has changed, we have provided a list of altered challenges along with their general level of alteration at the end of this newsletter. If you are a Curator and have more detailed questions about how a specific challenge or challenges have changed, please reach out to our Content Team Lead & Community Manager, Alex Hillock (firstname.lastname@example.org).
We will be releasing the new scheduling system alongside the initial new content release during the first week of January 2022. Look at our previous newsletter for more information on the new scheduling system.
To safely test and release the new DASWebs Inc. environment, most of the converted and updated challenges, and the new scheduling system, we will need to take the NICE Challenge Webportal and Infrastructure into maintenance mode for the duration of January 3rd, 2022, to January 7th, 2022. During this time window, you will be unable to use on-demand workspaces, deploy challenges, or schedule reservations for workspaces within the affected week. Additionally, the NICE Challenge Webportal might become unavailable for brief periods during these five days.
We always attempt to be as minimally disruptive to our users as possible. We have identified this time window to be the least disruptive to our users based on historical trends. If this planned maintenance window is critically disruptive to your class, please contact us through the NICE Challenge HelpDesk as soon as possible.
Minor: Little to no changes. Primarily updates to context and backend check logic when needed.
Moderate: Challenge remains largely the same, but some checks may have been altered (e.g., replaced, updated, removed, consolidated, etc.) and Players may be asked to do a few things that are different from before.
Major: Challenge is conceptually similar, but has undergone a large rework. Most checks will be new or different.
|Helpdesk Fun: User Workstation Nightmares||Moderate||Includes Complexity 1 Version|
|Dangerous Drives||Minor||Includes Complexity 1 & 2 Versions|
|Disguising a Dastardly Deed with Disappeared Data||Minor||Includes Complexity 1 & 2 Versions|
|File Signatures Broke My Files||Minor|
|Hash Comparisons: Revealing the Concealed||Minor|
|Malware Analysis: My Haunted Machine||Moderate|
|Group Policy Protections||Minor|
|STIG Solutions||Moderate||Second Wave Re-release*, Includes Complexity 1 Version|
|Least Privileged Put Offs||Moderate|
|Local Admin No More, Security by Design||Minor|
|Insider Threat: Domain Lockdown Incoming||Minor|
|A WordPress Journey From Dev to Prod||Moderate|
|Interns & HR on the Domain Controller||Minor|
|Secure Domain Accounts & Passwords? Probably Worth||Minor|
|Secure Roots: Domain Organization & Access Controls||Minor|
|Basic Server Maintenance and Cleaning||Minor|
|The Network is Down! Contractor Edition||Moderate||Includes Complexity 1 Version|
|Infrastructure Monitoring: The Nagging You Need||Minor|
|Linux Administrator 101: Users, Access & Updates||Minor|
|Linux Administrator 101: Users, Access & Updates (Complexity 1)||Moderate|
|Security Begins & Never Ends with Updates||Minor||Includes Complexity 1 Version|
|Linux Administration 201: 101 + Network Integration||Minor|
|The Network is Down! Internal Issues Edition||Minor|
|A Database story: Backup then Recovery||Minor||Includes Complexity 1 Version|
|Creating the Digital Paths to Company Knowledge||Moderate||Third Wave Re-release**|
|Helpdesk Fun: Disappearing Drives & Web Apps||Major||Third Wave Re-release**|
|Playing Find the Bottleneck, Stage: Data Gathering||Minor|
|Overflowing Inboxes: An Intervention Policy||Minor|
|An ERD Story: Implementation Then Design||Minor|
|Great Project Beginnings: The Oracle DB Install||Moderate||Title Change when Re-released|
|Nothing Says Maintenance Like Updating Legacy Software Dependencies||Major||Third Wave Re-release**|
|Slow Query, Long Report||Minor|
|Data Backup & Recovery, Definitely Worth Testing||Moderate||Third Wave Re-release**|
|Shellshock (CVE-2014-6271) (Threat Sandbox)||Minor|
|Strengthening System Security||Minor||Second Wave Re-release*|
|Vulnerability Scan Complete, Begin System Hardening||Moderate||Second Wave Re-release*|
|A Tutorial Technical Challenge!||Minor|
|A Tutorial Hybrid Challenge!||Minor|
|EternalBlue (CVE-2017-0144) (Threat Sandbox)||Minor|
|Dirty COW (CVE-2016-5195) (Threat Sandbox)||Retired||Retired Due to Hard to Maintain Kernel Bug|
|Heartbleed (CVE-2014-0160) (Threat Sandbox)||Minor|
|Networking Woes: The Monitor We Need||Minor|
|KMS, Knowledge Maybe Somewhere?||Minor|
|Knowledge Management: The Framework to Connect Them All||Minor|
|Assuring Accurate Asset Inventories||Minor|
|Control Through Configuration Management||Minor|
|A Sense of Security||Minor|
|Backup everything in case of... Ocean?||Major||Third Wave Re-release**, Includes Complexity 1 Version|
|Malicious Mail Management||Minor||Second Wave Re-release*|
|Malicious Mail Management (Complexity 1)||Moderate||Third Wave Re-release**|
|Data Mining & Data Warehousing||Moderate||Third Wave Re-release**|
|Preventative Protection: Thwarting the Imminent Threat||Moderate||Includes Complexity 1 & 2 Versions|
|Operations Gone Wrong: The Incompetent Intern||Moderate||Third Wave Re-release**|
|Lengthy Logs: Attack Analysis||Moderate||Second Wave Re-release*|
|Lengthy Logs: Attack Analysis (Complexity 1)||Minor||Third Wave Re-release**|
|Networking Anomalies: The Packet Capture Edition||Minor|
|Skimping on Scripts: Dealing with Data||Minor|
|Calamitous Configurations||Minor||Third Wave Re-release**|
|Helpdesk Fun: User Login Nightmares||Minor|
|Security Begins & Never Ends with Updates: Networking Edition||Moderate||Second Wave Re-release*, Includes Complexity 1 Version|
|Customer Support Crash Course||Moderate|
|Social Site Stoppage||Minor|
|System Administration Crash Course||Moderate|
|Network Administration Crash Course||Moderate|
|Database Administration Crash Course||Moderate|
|Knowledge Management Crash Course||Minor|
|Systems Security Analyst Crash Course||Minor|
This table will be updated as additional details are added. Challenge conversions were done relative to the popularity of the challenge based on usage.
*Was re-released in a second wave on January 26th, 2022.
**Was re-released in a third wave on February 17th, 2022.
-- Last Updated February 17th, 2022
-- Originally Published December 2021
If you wish to use the NICE Challenges and don't yet have a Curator account on our Webportal (currently limited to faculty/staff at U.S. educational institutions), use the link below to access our website and fill out the sign-up form to get started. We are always looking for feedback on our work!
As always, thank you for your interest! All of us in the NICE Challenge Development Team look forward to working with you to make the best platform, environments, and challenges to enable the cybersecurity workforce of the future.
NICE Challenge Project Links...
NICE Challenge Project Website - https://www.nice-challenge.com
NICE Challenge Webportal - https://portal.nice-challenge.com
NICE Challenge Helpdesk - https://nicechallenge.freshdesk.com