A growing research repository made by Gary Leigh 🇦🇺. Powered by Notion, Vercel, Cloudflare and the open source community at large.
If you've come here looking for my cyber security business, things like information security consulting services, penetration testing, or APT hunting and threat intelligence work, or other commercial cyber-related activities (investigations, strategy, governance, etc.) please reach out to me directly on Facebook 👍 (Yes, that's right, Authenticated accounts only folks).
History of Wargaming
Cyber wargaming (in general)
The 5×5-Is it a game or is it real? Simulations and wargaming in cyber
Greater insight into risk and response allow public and private sector organizations to better prepare for crisis before it happens and rerun history to stave off defeat in future. Wargames can be complex live events or low-cost simulations. They can even be the basis for major reforms to policy and doctrine, giving us much to understand about them.
Cyber wargaming (in action)
Locked Shields is a unique international cyber defence exercise offering the most complex technical live-fire challenge in the world
This annual exercise, organised by CCDCOE since 2010, enables cyber security experts to enhance their skills in defending national IT systems and critical infrastructure under real-time attacks. The focus is on realistic scenarios, cutting-edge technologies and simulating the entire complexity of a massive cyber incident, including strategic decision-making, legal and communication aspects.
It is a Red Team vs. Blue Team exercise, where the latter are formed by member nations of CCDCOE. In 2021 there were 22 Blue Teams participating with an average of 40 experts in each team. The Teams take on the role of national cyber Rapid Reaction Teams that are deployed to assist a fictional country in handling a large-scale cyber incident with all its implications. The Exercise in 2021 involved about 5000 virtualised systems that were subject to more than 4000 attacks. The teams must be effective in reporting incidents, executing strategic decisions and solving forensic, legal and media challenges. To keep up with technology developments, Locked Shields focuses on realistic scenarios and cutting-edge technologies, relevant networks and attack methods.
Australian Government, Department of Human Services cyber war games
Cyber War Games - Operation: Tsunami 2019 - 2-6 September 2019 - Canberra, ACT
Cyber crime is on the rise. So is the need for skilled staff to protect organisations, infrastructure and people from cyber criminals. Attracting people into the Cyber Security profession is important; keeping them at pace with the rapidly changing threat landscape is critical.
U.S., Atlantic Council, Cyber 9/12 (Excellent)
Cyber 9/12 Strategy Challenge Playbooks and Scenarios
Each year, competitors from around the globe compete in the Cyber 9/12 Strategy Challenge, developing policy recommendations in response to a realistic cyber crisis simulation. The Cyber Statecraft Initiative has selected and curated policy analyses and recommendations from award-winning teams around the world.
The CNA page is packed with useful and insightful wargaming information in general
For example, from their website they have 4 types of 'games' which can be applied in different contexts:
- Force-on-Force Operational Wargames – A “classic” wargame where teams controlling opposing forces debate and decide on combat movement and actions.
- Operational Troop-to-Task Wargames – CNA developed this style of resource management wargame to explore organization staffing. By building a custom wargame around an organization’s staff and specific circumstances, this style of wargame can be used to stress-test a new or proposed organizational design before it is implemented and avoid inadvertent holes in the new structure.
- Event-driven Decision Support Wargames – These are the most diverse style of wargame that CNA regularly runs. These wargames are best in the early stages of concept development, when participants want to explore the planning process of a potential action.
- Seminar-Style Wargames – The seminar style wargame focuses less on the specifics of what is happening in an operational setting and focuses more on the exchange of ideas between the participants. Seminar-style wargames bring in the top experts in their field to engage with each other to focus on education and idea generation.
China's use of wargaming to prepare their non-operationally tested capability
Analog Game Studies
Extracting the Pedagogy: Using Games as Texts in the Language Classroom - Alex Hogue; Play to Find Out What Happens: Insight Through Reflection - Jason Cox; Roleplaying as a Solution to the Quarterbacking Problem of Cooperative and Educational Games - Josh Miller; Book Review: Jonathan Rey Lee. We return to questions of pedagogy in this issue of Analog Game Studies.
Drills & Exercises 2021
Historical war games
Past exercises held by the Johns Hopkins Center for Health Security
The Center hosts a series of tabletop exercises to illustrate the high-level strategic decisions and policies stakeholders will need to pursue to diminish the consequences of a severe pandemic. The Johns Hopkins Center for Health Security in partnership with the World Economic Forum and the Bill and Melinda Gates Foundation hosted Event 201, a high-level pandemic exercise on October 18, 2019, in New York, NY.
Microsoft Cyber battle sim
Thanks to one particular A.I genius who shared these with me
GitHub - microsoft/CyberBattleSim: An experimentation and research platform to investigate the interaction of automated agents in an abstract simulated network environments.
Detection of malicious domains
CIC-Bell-DNS2021 | Datasets | Research | Canadian Institute for Cybersecurity | UNB
Malicious domains are one of the major threats that have jeopardized the viability of the Internet over the years. Threat actors usually abuse the Domain Name System (DNS) to lure users to be victims of malicious domains hosting drive-by-download malware, botnets, phishing websites, or spam messages.
BOOK REVIEW Russian Thinking on the Role of AI in Future Warfare Review of: V.M. Burenok, "Iskusstvennyy intellekt v voennom protivostoyanii budushchevo" ("Artificial intelligence in the military confrontation of the future"), (В.М. Буренок, "Искусственный интеллект в военном противостоянии будущего", Voennaya Mysl, April 2021. Военная мысль).
Simulation for cybersecurity: state of the art and future directions
Australian Universities that I have identified that could facilitate wargaming research in my opinion
- Monash University
- Australian National University
- National Security College
- Strategic and Defence Studies Centre
- School of Cybernetics (Potentially)
- University of Sydney
- University of Adelaide
- University of New South Wales, Canberra - Australian Defence Force Academy
UK and US institutions
- Royal Holloway, University of London offer an information security PhD that has had a wargaming topic completed in the past
- Bath Spa University has a wargaming expert that could take PhDs. I think there was a recent scholarship going in the topic of AI and Wargaming.
- Whilst I haven't spoken with them directly, I am under the impression that wargaming, cybersecurity and AI would be a complementary topic to the folk at RAND
- Bristol and Swansea also deserve mentions however I have not been able to reach any researchers yet to speak about wargaming.
- King's College London has an impressive wargaming network. However I cannot speak to the cybersecurity and AI aspects as they have not replied back on the matter. They also had a recent event with an impressive amount of wargaming activity.
- US Naval War College is my current preferred recommendation however for most folk this is unobtainable.
- It may also be worth enquiring with NATO and UN universities and education providers. However, for most folk interested in these topics, your mileage may vary in terms of how much correspondence you can achieve.
- I can confirm that Georgetown University has a demonstrable capacity for wargaming with a potential interest in cyber security as well
- I've cast my eye recently (2021) on Stanford because as a non-American, it seems the most straightforward for applications, and having the strong networks
National Graduate Institute for Policy Studies (GRIPS) | Gateway to Global Leadership
GRIPS is a graduate school in Tokyo that offers MA & PhD programs taught in English on public policy, development, economics, political science, international relations, and operations research, etc. Full scholarships are available. On- and off-campus interaction with Japanese students who share the same academic interests yields significant benefits in students' personal and academic lives.
CREST approved institutions
Technically, any of these institutions should have the capacity to assist with cyber research but I have not personally validated this yet.
Connections US is being held online next week (Jun 22). Registration details are on their website https://connections-wargaming.com/ Connections UK have also announced their dates 14-16 Sept. See their website for more details https://www.professionalwargaming.co.uk/ For those that missed it, the videos from Connections North (Canada) are available via PaxSims https://paxsims.wordpress.com/2021/05/31/connections-north-2021-videos/ Finally, our own Connections Oz is being planned for December.
UK & Europe
Connections UK - Wargaming Professionals
Connections UK: Connections UK is the premier professional wargaming conference in the UK. Similar to Connections USA. 2021 Conference: Will be on 14 and 15 September 2021. More details are here. Purchase a ticket via Eventbrite. Tickets are live; book now! Purpose. To bring professional wargame practitioners together to share and spread best practice.
Connections NL homepage
Strategy gaming In a globalized world with its fast technologic development there may just be subtle differences between a strategy that leads to mediocre performance or to success, be it in security or in business. A good strategy leads the way to picking the right battlefield and outsmarting the competition.
This page last updated on July 21st, 2021. The Connections Wargaming Conference is an annual event which is held each summer to bring together practitioners from every segment of the wargaming community. Connections is open to all wargaming practitioners, and we welcome international participation. We are anticipating hosting Connections 2022 live - more to come soon!...
FIRST - Improving Security Together
FIRST is the premier organization and recognized global leader in incident response. Membership in FIRST enables incident response teams to more effectively respond to security incidents reactive as well as proactive. FIRST brings together a variety of computer security incident response teams from government, commercial, and educational organizations.
We were able to share the game with Simulation Australasia at their 2021 conference. It was very well received.
Harvard Humanitarian Initiative
The Harvard Humanitarian Initiative (HHI) is a university-wide academic and research center in humanitarian crisis and leadership. Our mission is to create new knowledge and advance evidence-based leadership in disasters and humanitarian crisis. Our work focuses on two main areas: the Humanitarian Academy at Harvard and Research & Translation.
Modular conversion, encoding and encryption online
Web app offering modular conversion, encoding and encryption online. Translations are done in the browser without any server interaction. This is an Open Source project, code licensed MIT.
The Verica Open Incident Database
The VOID is a community-contributed collection of software-related incident reports. Together we can make the internet a safer and more resilient place.
Unit 42 - Latest Cyber Security Research | Palo Alto Networks
PAXsims is pleased to present some recent items on conflict simulation and serious (and not-so-serious) gaming that may be of interest to our readers. Robert Crandall, Aaron Danis and Colin Marston suggested items for this latest edition.
DFIR: Windows and Active Directory Attacks and Persistence
Today I would like to focus on an improved version of my previous blog post about DFIR in Windows & Active Directory. We will cover examples of different attacker's techniques and ways how attackers could persist in an environment. This will include things from executing the techniques by ourselves, to diving into the traces that...
Security Unlocked explores the technology and people powering Microsoft's Security solutions. In each episode, Microsoft Security evangelists Nic Fillingham and Natalia Godyla take a closer look at the latest innovations in threat intelligence, security research, and data science, with a special focus on demystifying artificial intelligence and machine learning.
- STIGs & SCAPs to investigate for models or TTPs
- Cyber security futures
MITRE ATT&CK ® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
Introduction to STIX
Structured Threat Information Expression (STIX™) is a language and serialization format used to exchange cyber threat intelligence (CTI). STIX is open source and free allowing those interested to contribute and ask questions freely. Contributing and ingesting CTI becomes a lot easier. With STIX, all aspects of suspicion, compromise and attribution can be represented clearly with objects and descriptive relationships.
- Atomic Red Team (Red Canary)
- A general list, quite good
My research and techniques are outstanding ways to 'play' in the c-suite and management to formulate strategy. I will update this section shortly.
I have decided to focus on computer emergency response teams as part of a meta analysis on 'cyber power' in the strategic-national security nexus sense. tl;dr cyber statecraft & 5 w's (Who, can do what, where, when and why).
AusCERT | Safeguard your Information | Cybersecurity Services Australia
AusCERT is a not-for-profit Cyber Emergency Response Team based in Australia. We'll help you prevent, detect, respond and mitigate cyber-based attacks.
Hong Kong Computer Emergency Response Team Coordination Center
HKPC Urges Enterprises for Cyber Security Strategy for the New Normal and New Technologies The Hong Kong Productivity Council (HKPC) today urged enterprises to quickly put in place cyber security strategy for the new normal and new technologies, in order to combat an anticipated surge in cyber attacks in 2021 arising from accelerated digital transformation amid the COVID-19 pandemic and the use of emerging technologies such as 5G communications, Internet of Things (IoT) and AI.
Undergrad days at the Strategic and Defence Studies Centre
- There was a lot of foundational research and training in strategic policy, the science of security, defence, intelligence and affairs pertaining to Australia's national interest across every country in the Indo-Pacific. A lot of cross-institutional exposure, particularly American institutions with a reputation of excellence in these areas. The course was designed to have no peer competitors and in alignment with the standing of the College as global top 10 in D.I.M.E subjects. That's my long-winded way of saying, grand strategy.
National Security College & Asia-Pacific College of Diplomacy Days
- This is where I began to formalise my speciality skills in cyber security (for example, nuclear security, psychological operations, etc.) but I chose cyber security. ANU offered full rides in Masters in both degrees but I honestly grew bored as my foundational studies were so advanced.
Grad School Days at the School of Computing and Information Systems at the University of Melbourne
- Melbourne at the time was the world's most liveable city and best in Australia and global top 30 for Information Systems and business. I mostly focused on synergistic aspects of cybersecurity (knowledge management systems, information science, human-computer interaction, consulting and business repertoire)
Research interests at Charles Darwin University
- I'm unsure if it is pertinent to share my most recent research as it is sensitive and novel so not widely known or understood
Finding a home, doing a PhD
I'm still on the hunt for a place I can do my research. Basically every university you see in my universities list I've contacted but not been able to find an offering that is suitable for me. I have turned down an opportunity, for now, to work with UNSW@ADFA despite it being a personal dream of mine. Remember, when you have the goods, your negotiation position is stronger, so don't sell out your research and passions, or settle for things that aren't right. Rather, find a team and an institution that will rise with you.
University courses I have designed and taught
- HCS261 Fundamentals of Humanitarian Practice
- IAS335 War, Revolution and Terror
How did I make this blog?
I've been trying to build a website whereby I could use Notion as my CMS and then have everything be dynamic and super easy. Here is a collection of links that I referenced in the process, and it couldn't be done without the love of open source.
Please note that I'm not a "classically trained dev" nor have I worked as one. So if you spot something on this site that could be improved, you're welcome to reach out and give us a hand. Protip for beginners, set up your environment first, and perhaps, don't rush and go through the NextJS tutes like you're supposed to. But if you like to learn by doing, just open all the tabs and give it a whirl.
GitHub - transitive-bullshit/nextjs-notion-starter-kit: Deploy your own Notion-powered website in minutes with Next.js and Vercel.
The perfect starter kit for building websites with Next.js and Notion. This repo is what I use to power my personal blog / portfolio site transitivebullsh.it. It uses Notion as a CMS, fetching content from Notion and then uses Next.js and react-notion-x to render everything. The site is then deployed to Vercel.
Creating a NextJS Blog with Notion
My personal website ( https://www.kleveland.dev/ still a little WIP!) that hosts both my blog content and my projects is actually sourcing its data from my Notion pages. This means when I want to create a new blog entry or add a new project to my personal website, I can simply go and edit my Notion table to add a new page or update an existing page.
Using the Notion API with Next.js
Watch as I build a Next.js application using the newly released Notion API live. Links: Code: https://github.com/leerob/notion-api-nextjs Demo: https://noti...
GitHub - samuelkraft/notion-blog-nextjs: Next.js example blog powered by Notion Public API
Building a blog with Notions public API | Samuel Kraft
Ever wanted to use Notion as a blog CMS? This guide will walk you through how to setup Notion for blogging and how to access the data using Notions public API. Notions public API is finally here!
Start building with the Notion API
Learn | Next.js
First, let's make sure that your development environment is ready. If you don't have Node.js installed, install it from here. You'll need Node.js version 10.13 or later. You'll be using your own text editor and terminal app for this tutorial.
Fruition - Build Your Next Website With Notion, For Free
Perfect for your portfolio, blog, landing page, or business site. Features: pretty links, custom domains, Google Fonts, SEO support, script injection.
GitHub - stephenou/fruitionsite: Build your website with Notion for free
Use cases: perfect for your portfolio, blog, landing page, and business site. Features: pretty URLs, custom domains, Google Fonts, SEO support, script injection. Benefits: completely free, no lock-in, and open source. For step-by-step setup instructions, visit https://fruitionsite.com. This repo has 2 independent parts: worker.js is the Cloudflare Worker script; everything else is a React app that helps generate the Worker script via a UI.
A hackable text editor for the 21st Century
Great things happen when developers work together, from teaching and sharing knowledge to building better software. Teletype for Atom makes collaborating on code just as easy as it is to code alone, right from your editor. Share your workspace and edit code together in real time.
Why did you make this?
I've been trying to find a home for my research into wargaming in cyberspace powered up with A.I for some time. I've searched far and wide and reached out to some of the best universities, war-gamers and researchers around the world. But since I haven't actually found a place to do a doctorate of my own, I figured there's no reason to waste time and just start now. I'm hoping someone out there might put the captcha together and bring me onboard.
Are you available for consulting, advisory or joining our team?
Call me anytime. But at this stage I don't need to work and focus purely on my passion projects.
Think John Wick meets Wozniak type of thing.
Charles Darwin University Cert IV Cyber Security & Diploma
The Cert IV for Cyber Security demonstration materials have now closed. Thank you for your interest in developing the cyber security talent of the NT.
- SWOT for the Victorian vs National Diploma level and Cert IV (Including advanced)
- Preliminary lesson design and scaffolding
- Early strategic estimates for cost, enrolments and planning over a 5 year duration
- Foundation work on creating a VET program from scratch in cyber security in the NT-CDU context
- Competitor analysis against Victorian, WA and NSW TAFE providers
- Mentoring and coaching to both the students and the teaching staff
- Resource gathering such as cyber study materials, checklists, code samples, virtual machine demonstrations
- Competency and knowledge verification of cyber defence topics for students
- Basically, gave the students the best chance they could have to represent the NT