HTB enhancing global cybersecurity through collaboration

The US National Guard State Partnership Program (SPP) has, over its 30-year history, developed into a cornerstone of US security cooperation efforts with nations around the world. Its success is built on the principles of military-to-military engagement, diplomacy, and fostering people-to-people ties at the state level. In the era of increasing cyber threats, the partnership between the SPP and Hack The Box presents an opportunity to bolster global cybersecurity.

The Significance of Cybersecurity Training

In an increasingly interconnected world, the need for effective cybersecurity practices is paramount. Governments, organizations, and individuals are vulnerable to cyberattacks that can have profound consequences. Recognizing this, the SPP's expansion to include cybersecurity training is a natural progression, aligning with defense security goals, Department of Defense policy objectives, and broader international security cooperation efforts.

Hack The Box: A Valuable Partner

Hack The Box, a leading gamified cybersecurity upskilling, certification, and talent assessment platform, can provide invaluable support to the SPP's cybersecurity training initiatives. Here's how:

1. Customized training: Hack The Box can design customized training programs to address the specific needs and cybersecurity challenges of partner nations. These programs can be tailored to various skill levels, from basic cybersecurity principles to advanced threat detection and mitigation techniques. By adapting to various skill levels that are tied to industry frameworks (NIST/NICE & MITRE ATT&CK), HTB is able to elevate an analyst's/engineer's critical thinking and problem-solving skills.
2. Realistic training environments: Hack The Box's virtual labs and challenges provide realistic, hands-on training experiences. These environments enable analysts & engineers to develop practical skills by emulating real-world scenarios, enhancing their ability to defend against cyber threats effectively.  
3. Capture The Flag (CTF) competitions: Organizing CTF competitions can be a powerful tool for assessing and improving the skills of cybersecurity professionals. Hack The Box can create engaging challenges that test participants' abilities and encourage healthy competition.  Additionally, the active community and gamified structure enhance engagement, encouraging continuous skill development. 
4. Online learning platform: Partnering with Hack The Box provides access to an extensive online platform that offers a wide range of resources, including labs, exercises, and educational materials. This platform allows participants to learn at their own pace and convenience.  In addition, the content is all self-contained, so there is no need to purchase/download additional resources to complete the exercises.

Training virtually from home stations

One of the key advantages of integrating Hack The Box into the SPP's cybersecurity training efforts is the ability to train virtually from home stations. This flexibility allows participants to access training modules and exercises from the comfort of their own homes or designated training centers. It eliminates geographical barriers, making it easier for partner nations to participate in cybersecurity training initiatives.

Monthly drill weekend integration

To ensure consistent and ongoing training, SPP units can integrate cybersecurity training via Hack The Box into their monthly drill weekends. This approach facilitates a unique monthly touch point with their partner nations, creating a framework for persistent engagement. By training their partners virtually from home stations, the SPP units build a rhythm of continuous interaction and collaboration in the realm of cybersecurity. This not only allows for the development of shared knowledge and expertise but also fosters stronger relationships, trust, and mutual understanding between the National Guard units and their international partners. The regularity of these training sessions ensures that cybersecurity remains a priority, promoting an enduring commitment to collective security in the digital age.

Cybersecurity certifications and credentialing

In collaboration with Hack The Box, the SPP can offer internationally recognized cybersecurity certifications. These credentials not only validate the skills and expertise of participants but also enhance their employability in both public and private sectors.

Continual improvement and adaptation

Cybersecurity is a constantly evolving field. Hack The Box's commitment to providing regular updates and new challenges ensures that participants remain up-to-date with emerging threats and cutting-edge technologies.

1. On October 3, 2023, the vulnerability CVE-2023-4911, also known as "Looney Tunables," was first made public. "Looney Tunables," is a buffer overflow vulnerability in the GNU C Library, specifically occurring in the processing of the GLIBC_TUNABLES environment variable by the library's dynamic loader. This critical flaw allows attackers to execute arbitrary code by overflowing a buffer's boundary, potentially leading to unauthorized access or control over affected systems, making it a significant threat in networked environments.
2. On October 11, Hack The Box’s content team released the virtual machine “Looney” on the HTB Enterprise Platform, designed to demonstrate a buffer overflow vulnerability related to CVE-2023-4911.
3. On October 20, “Looney-D” was released on the HTB Enterprise Platform, focusing on teaching players how to identify and respond to the exploit CVE-2023-4911 within their network.
4. On November 22, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (DHS/CISA) added the vulnerability CVE-2023-4911 to its Known Exploited Vulnerabilities (KEV) catalog.

Hack The Box’s rapid production of relevant and timely content equips individuals not only with essential skill sets but also with practical experience in confronting the latest trends and threats in the cybersecurity domain. This hands-on approach is conducted within a secure, controlled environment.

Furthermore, Hack The Box’s purple team approach empowers organizations to gain a deep understanding of threats. This knowledge is crucial for developing successful mitigation strategies without compromising the performance or uptime of their networks.

Conclusion

The collaboration between the US National Guard State Partnership Program and Hack The Box represents a promising opportunity to advance global cybersecurity efforts. By leveraging Hack The Box's expertise, resources, and innovative training methodologies, the SPP can empower partner nations to defend against cyber threats effectively. 

This partnership aligns with the SPP's long-standing tradition of building relationships and fostering cooperation, making it a natural extension of its mission in the digital age. Together, these entities can contribute to a safer and more secure cyber landscape, reinforcing international partnerships in an increasingly interconnected world. 

The integration of virtual training from home stations and monthly drill weekends ensures that cybersecurity remains a continuous and evolving focus to meet USCYBERCOM’s priority of persistent engagement with partners.