Chapter 3. Cyber polygon as a tool for training cybersecurity professionals

The continuous escalation of cyber threats and the evolution of attack methods on information systems necessitate the training of highly skilled cybersecurity professionals who can effectively respond to real-world threats. There is a need for training programs that provide students not only with theoretical knowledge but also with practical experience in countering cyberattacks. Cyber polygons serve as a critical tool in preparing professionals, enabling students to develop vulnerability assessment skills and implement defense strategies in an environment that simulates real-world attack and defense scenarios.

This study is based on the cyber polygon of the Department of Solid-State Electronics and Information Security, which includes a comprehensive suite of training scenarios covering various aspects of cybersecurity. Three key scenarios are outlined in this work. The first involves web application vulnerability scanning using Qualys, allowing students to learn risk assessment and develop recommendations for enhancing security. The second scenario utilizes Metasploitable 2 as a simulation platform for practicing network attack and defense techniques. The third scenario, developed in collaboration with UnderDefense, involves tasks related to GitLab and Active Directory, where students engage in ethical hacking within a corporate infrastructure.

Through the use of the cyber polygon, students gain practical skills in vulnerability detection, risk assessment, and the application of comprehensive protection methods. They also acquire experience in managing Active Directory infrastructure, using LDAP for remote access, analyzing GitLab security, and performing attacks in realistic network environments. Team competitions and work on various scenarios enable students to master both offensive and defensive techniques, including brute forcing, remote code execution (RCE), Server Message Block (SMB), and local privilege escalation (LPE), strengthening their preparedness for careers in cybersecurity.

The training scenarios developed on the basis of the department’s cyber polygon provide students with the necessary experience to work in the field of cybersecurity, deepening their understanding of risks and protection methods. The skills acquired enhance their competitiveness in the job market, equipping them to address information system security challenges in contemporary environments. The cyber polygon not only builds professional competencies but also fosters teamwork and strategic thinking, which are critically important for a successful career in cybersecurity.