How to Design a Blue Team Scenario for Beginners on the Example of Brute-Force Attacks on Authentications
Andreas Eipper, Daniela Pöhn
TL;DR
The paper addresses the need for beginner-friendly blue-team training against brute-force authentication in web applications. It presents three open-source, contiguous training scenarios that progressively teach detection (via Wireshark PCAP analysis), log-file inspection, and intrusion prevention with Fail2Ban within a Kali-based cyber range, accompanied by a JSON-structured description language. The authors contribute a design framework rooted in the CyberRangeDocUniBw taxonomy, an implementation blueprint, and an evaluative small-scale training session. The work offers a practical, transferable foundation for teaching basic identity-security defenses and can be extended to broader identity-management attacks and cross-OS deployments.
Abstract
Cyber attacks are ubiquitous and a constantly growing threat in the age of digitization. In order to protect important data, developers and system administrators must be trained and made aware of possible threats. Practical training can likewise be used to introduce students to the topic. A constant threat to websites that require user authentication is so-called brute-force attacks, which attempt to crack a password by systematically trying every possible combination. As this is a typical threat, but comparably easy to detect, it is ideal for beginners. Therefore, three open-source blue team scenarios are designed and systematically described. They are contiguous to maximize the learning effect.
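The abstract states that brute-force attacks on a login form are comparatively easy to detect, and the TL;DR names log-file inspection and Fail2Ban as the scenario's tools. The following Python script is an added example, not code from the paper or its training material: it applies the threshold rule that Fail2Ban uses (`maxretry` failures within `findtime` seconds, per source IP) to constructed web-server access-log lines. The `/login` path, the convention that a wrong password yields HTTP 401, the IP addresses and the log content are all assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches Apache/nginx "combined" access-log lines (assumed format of the web app's log).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, timestamp, method, path, status), or None if the line is not a log entry."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FORMAT)
    return m.group("ip"), ts, m.group("method"), m.group("path"), int(m.group("status"))


def is_failed_login(method, path, status):
    # Assumption: the hypothetical application answers a wrong password on POST /login with 401.
    return method == "POST" and path == "/login" and status == 401


def detect_bruteforce(lines, maxretry=5, findtime=600):
    """
    Fail2Ban-style sliding window: an IP is flagged the moment it has produced
    `maxretry` failed logins within the last `findtime` seconds.
    Returns {ip: timestamp of the failure that triggered the flag}.
    """
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip unparsable lines instead of crashing on them
        ip, ts, method, path, status = parsed
        if not is_failed_login(method, path, status):
            continue
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) >= maxretry and ip not in flagged:
            flagged[ip] = ts
    return flagged


# Constructed sample log: one fast guessing burst (203.0.113.5), one user who mistypes
# once and then logs in (198.51.100.7), one slow guesser spaced 30 min apart (192.0.2.44).
SAMPLE_LOG = """\
192.0.2.44 - - [10/Oct/2023:12:00:00 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/8.0"
192.0.2.44 - - [10/Oct/2023:12:30:00 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/8.0"
192.0.2.44 - - [10/Oct/2023:13:00:00 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/8.0"
192.0.2.44 - - [10/Oct/2023:13:30:00 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/8.0"
198.51.100.7 - - [10/Oct/2023:13:55:00 +0000] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:10 +0000] "POST /login HTTP/1.1" 401 512 "-" "python-requests/2.31"
203.0.113.5 - - [10/Oct/2023:13:55:11 +0000] "POST /login HTTP/1.1" 401 512 "-" "python-requests/2.31"
198.51.100.7 - - [10/Oct/2023:13:55:12 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:12 +0000] "POST /login HTTP/1.1" 401 512 "-" "python-requests/2.31"
203.0.113.5 - - [10/Oct/2023:13:55:13 +0000] "POST /login HTTP/1.1" 401 512 "-" "python-requests/2.31"
203.0.113.5 - - [10/Oct/2023:13:55:14 +0000] "GET /static/app.css HTTP/1.1" 200 812 "-" "python-requests/2.31"
203.0.113.5 - - [10/Oct/2023:13:55:15 +0000] "POST /login HTTP/1.1" 401 512 "-" "python-requests/2.31"
192.0.2.44 - - [10/Oct/2023:14:00:00 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/8.0"
this line is deliberately not a valid log entry
"""

if __name__ == "__main__":
    for ip, ts in detect_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(f"flag {ip} at {ts.isoformat()}")
```

With the default `maxretry=5, findtime=600`, only the fast burst is flagged; the user who mistyped once and the slow guesser spaced 30 minutes apart stay below the threshold. Widening `findtime` to two hours catches the slow guesser as well, which is the trade-off a trainee should see: a short window keeps false positives low, a long one catches low-and-slow guessing.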
