top of page
Search

Day Two: Building the Network, Hunting the Threat

  • Writer: cyberlikeaviking
    cyberlikeaviking
  • 4 days ago
  • 6 min read

CyberTexas Foundation CyberPatriot Advanced Camp '26 Continues with Cisco Networking, Active Threat Hunting, and Windows Automation



Yesterday, our campers began their journey into one of CyberPatriot's most challenging—and often most intimidating—subjects: networking. We broke down IP addresses, binary, subnet masks, CIDR notation, and subnetting. By the end of the day, students had discovered that subnetting isn't magic—it's simply a logical process.


Today, they found out there was another challenge waiting for them.

⚔️ The Morning Challenge

As the Cyber Class Crew arrived this morning, they were greeted with something waiting for them on the board...

More subnetting challenges!


I'll admit, I was probably more excited about the new subnetting questions than the campers were. I heard a few laughs, a few groans, and maybe even a couple of "More subnetting?" comments.

But something was different today.


Instead of staring at the problems wondering where to begin, the teams immediately pulled out what they had learned yesterday. They started building their subnetting charts, calculating network ranges, and working through each problem together.

One by one...

Every team successfully completed the morning challenge.


That was one of my favorite moments of the day—not because everyone found the correct answers, but because I could see their confidence growing. Yesterday, subnetting looked intimidating. Today, it looked like a challenge they were ready to conquer.


🛡️ Cyber Viking Lesson: Confidence isn't built by avoiding difficult challenges. It's built by solving them one step at a time.


🌐 From Theory to Practice

With the subnetting challenge complete, it was time to move from the whiteboard into the world of Cisco networking.

Before opening Cisco Packet Tracer, we spent time discussing the building blocks of a network.

We explored:

🛡️ CAT5 through CAT8 Ethernet cables

🛡️ Fiber optic cables

🛡️ Console cables

🛡️ Straight-through cables

🛡️ Crossover cables


We talked about when each cable is used, why it exists, and how selecting the correct cable is just as important as configuring the devices connected to it.

Next, we discussed the differences between:

⚔️ Routers

⚔️ Switches

⚔️ Multi-Layer Switches


Rather than simply memorizing definitions, students learned the role each device plays within a network and how they work together to move information from one place to another.


💻 Our First Cisco Packet Tracer Lab

With the fundamentals in place, it was finally time to build a network.

For many campers, this was their very first Cisco Packet Tracer lab. Some had watched teammates complete Cisco networking labs during CyberPatriot competitions, but today they were the ones sitting at the keyboard configuring routers and switches.

The lab was designed to introduce students to the Cisco IOS command line while reinforcing the networking concepts they had learned over the past two days.


Students built a branch office network by:

⚔️ Installing an HWIC-2T serial interface card into the East router.

⚔️ Connecting a serial cable between HQ and the East router.

⚔️ Connecting the East router to the East switch using the correct Ethernet cable.

⚔️ Connecting a console cable from the PC to the switch.

⚔️ Connecting the PC to the switch using the proper network cable.


Once the hardware was connected, students configured the devices.

They activated interfaces, assigned IP addresses, configured the switch management interface, assigned the default gateway, configured the PC, and saved their configurations before testing connectivity across the network.


Every successful ping was proof that their subnetting calculations were correct.

Students quickly realized that subnetting isn't just something written on a whiteboard—it's the foundation for configuring real networks.


Watching the teams work together, compare answers, and troubleshoot problems was fantastic.

Our incredible CrowdStrike volunteers were right there beside them, asking questions, providing guidance, and helping students understand not just what commands to type, but why they were typing them.


For many students, networking transformed from an intimidating subject into one they could actually understand.

🍕 Lunch Turned Into Networking Office Hours

When lunch arrived, I expected everyone to take a break after a busy morning.

Instead, eight campers came over and asked if we could spend more time talking about networking.

Absolutely!


We gathered around one of the booths and turned lunch into an informal networking workshop.

For the next half hour, students fired question after question.

⚔️ How do routers know where to send traffic?

⚔️ Why are subnet masks so important?

⚔️ Why do switches and routers have different jobs?

⚔️ How does CIDR notation really work?

⚔️ Why does CyberPatriot place so much emphasis on networking?

These conversations are some of my favorite parts of camp.

There wasn't a presentation.

There wasn't a whiteboard.

Just students who genuinely wanted to understand.


Watching those "light bulb" moments happen around a lunch table reminded me why I love teaching cybersecurity.


🛡️ Cyber Viking Lesson: Some of the best learning happens when class isn't officially in session.


📱 The Active Persistent Threat Strikes Again!

While everyone was enjoying lunch...

The camp's Active Persistent Threat was still on patrol.

Apparently...

They still haven't learned! 😂

Despite yesterday's lesson, campers once again left their phones unattended.

This time I achieved a new personal record...

🏆 Five unattended phones!

That means five more "ussies," five more surprised campers, and five more unforgettable lessons about physical security.

No harm was done.

Just another reminder that one of the easiest ways to protect yourself is simply keeping your devices with you.

I'm beginning to think my phone collection is growing faster than their security awareness!

Maybe tomorrow...

They'll finally remember.

(I'm not making any promises.)


🐉 The Ransomware Dragon Awakens


After lunch, it was time for the next lesson...

Active Threat Hunting.

Yesterday afternoon, after everyone had gone home, members of the incredible #CyTX team stayed behind to help me prepare today's surprise.


Together, they secretly deployed two familiar adversaries onto the lab computers:

🐉 The Ransomware Dragon Ransomware Simulator

🪿 The infamous Desktop Goose

To make the exercise realistic, they hid the files, created scheduled tasks, and prepared everything so the attack would automatically launch during class.


And it worked...

Perfectly.


As the scheduled tasks triggered, campers suddenly watched their computers come alive.

The Ransomware Dragon took over their screens.

Fake antivirus scans began running.

A simulated network map appeared.

The Dragon taunted the users while pretending to encrypt their systems.

Then, just when everyone thought things couldn't get any stranger...

The simulator welcomed them to the CyberTexas Foundation CyberPatriot Advanced Camp!

The room immediately filled with surprised faces, laughter, and students racing to investigate what had happened.


Without hesitation, everyone shifted into incident response mode.

Students searched for scheduled tasks.

They hunted for hidden files.

They investigated running processes.

They tracked down startup locations.

They worked together to identify how the attack was launched and, most importantly, how to stop it.

Watching the students transform from computer users into threat

hunters was exactly what I had hoped for.


The exercise reinforced an important cybersecurity lesson:

Real defenders don't panic.

They investigate.

They think critically.

They follow the evidence.

🛡️ Cyber Viking Lesson: Threat hunting isn't about guessing—it's about observing, investigating, and responding.


A huge thank you to the #CyTX team for staying after camp yesterday to help set up today's simulated attacks. You helped create one of the most memorable lessons of the week!

💻 Ending the Day with Windows 11

To wrap up Day Two, we shifted our focus to Windows 11.

We reviewed many of the Windows commands CyberPatriot competitors use during competitions and discussed the multiple ways administrators can launch the same management tools.


Students learned how many Windows utilities can be opened through:

🛡️ Command Prompt

🛡️ PowerShell

🛡️ Run

🛡️ Windows Terminal

🛡️ Microsoft Management Console (MMC)

Understanding that there are often several different ways to accomplish the same administrative task is an important skill for every cybersecurity professional.


Before dismissing everyone for the day, I gave them a homework challenge.

Students can choose to write either a Batch file or a PowerShell script that will:

⚔️ Stop and restart a Windows service.

⚔️ Enable Success and Failure auditing.

⚔️ Change every local user password automatically.

I can't wait to see the creative solutions they bring back tomorrow.

⚔️ Another Outstanding Day

Day Two was packed with learning, teamwork, and plenty of surprises.

Students strengthened their subnetting skills...

Built and configured their first Cisco network...

Asked outstanding networking questions during lunch...

Experienced an unexpected ransomware attack...

Became active threat hunters...


And wrapped up the day learning Windows administration and automation.

A special thank you once again to our amazing CrowdStrike volunteers for spending the day mentoring students through Cisco networking and helping them gain confidence with every challenge they faced.

Each day these campers continue to grow—not just in technical knowledge, but in curiosity, teamwork, and confidence.


I can't wait to see what adventures await us on Day Three.

Until then...

🛡️ Guard your devices.

🌐 Build your networks.

🐉 Hunt the threats.




⚔️ Cyber Like A Viking!

 
 
 

Comments


bottom of page