Running a cyber security exercise is an immersive and effective way for you to evaluate and practise the skills and decision-making mechanisms you need to respond to cyber incidents. However, designing and facilitating an exercise can be a complex and difficult task. TTX Gym helps by providing a custom-designed tool specifically to help produce consistent, effective, and insightful exercising experiences.
Exercising is one of the most cost-effective ways an organisation can test its ability to respond to cyber incidents. By running an exercise using TTX Gym, you can establish how effective your current defence and response mechanisms are, improve your colleagues' internal relationships and skills (specifically their ability to deal with an actual cyber attack), and identify areas for further improvement.
TTX Gym is best suited for use in interactive, facilitator-led training. The tool itelf can be used in a standalone manner, but it is designed to be able to present a 'particpant view' to those interaacting with the scenario, as well as a separate 'facilitator' view for the organiser to control the exercise progression and ensure that appropriate notes and outcomes are recorded.
The ideal set-up for TTX Gym in 'in-person' sessions is for the faciltator to use a laptop or device running TTX Gym, with an additional monitor or TV connected to display the participant view, which will appear as a separate tab or browser window. For 'online' or 'hybrid' exercises, the participant view can be presented via screen (or window) sharing from the facilitator's laptop.
Choosing an existing exercise from the Exercise Library is the easiest way for beginners to get started with TTX Gym. The Library is populated with a wide range of scenarios that cover a variety of themes and situations, and the exercises themselves can be searched and filtered using the controls in the sidebar.
To find out more about an exercise, simply click on the tumbnail and a description will appear. From here, you can choose to either 'launch' the exercise, which will take you to TTX Gym with the selected scenario loaded and ready to go, or you can choose to 'download' the scenario file for modifcation and customisation. (see below for more on this).
Running a cyber security exercise is an immersive and effective way for you to evaluate and practise the skills and decision-making mechanisms you need to respond to cyber incidents. However, designing and facilitaitng and exercise can be a complex and difficult task. TTX Gym helps by providing a custom-designed tool specifically to help produce consistent, effective, and insightful exercising experiences.
Exercising is one of the most cost-effective ways an organisation can test its ability to respond to cyber incidents. By running an exercise using TTX Gym, you can help stablish how effective your current defence and response mechanisms are, improve your colleagues' internal relationships and skills (specifically their ability to deal with an actual cyber attack), and identify areas for further improvement.
Running a cyber security exercise is an immersive and effective way for you to evaluate and practise the skills and decision-making mechanisms you need to respond to cyber incidents. However, designing and facilitaitng and exercise can be a complex and difficult task. TTX Gym helps by providing a custom-designed tool specifically to help produce consistent, effective, and insightful exercising experiences.
Exercising is one of the most cost-effective ways an organisation can test its ability to respond to cyber incidents. By running an exercise using TTX Gym, you can help stablish how effective your current defence and response mechanisms are, improve your colleagues' internal relationships and skills (specifically their ability to deal with an actual cyber attack), and identify areas for further improvement.
This guide explains how to create configuration files that define stages, questions, variables, and facilitator prompts with markdown-enhanced content. Follow this structure and syntax to build properly formatted and feature-rich files.
The configuration file is structured into stages, variables, questions, facilitator prompts, and content. Each type has specific indicators to denote its purpose.
Stages define major sections in your file. Use @ followed by the stage name.
Example:
@ Stage 1: Initial Incident
Everything after this line belongs to this stage until the next stage declaration.
Define variables using !, followed by a key and value separated by a colon
(:). For multi-line values, omit the colon.
Examples:
! title: Example Scenario Title
! description
This is a multi-line description.
It continues on multiple lines.
Use ? to define a question. Answers are listed under it, each starting with
+.
Example:
? What is your primary concern?
+ Security breach
+ Data loss
+ Service downtime
Use # to declare facilitator prompts. Each prompt starts with +.
Example:
# facilitator prompts
+ Ask the team about their incident response plan.
+ Discuss the potential risks of delaying action.
+ Encourage brainstorming on containment strategies.
Enhance your content using Markdown. Below are supported features:
Wrap text in ** for bold.
**Important:** Take immediate action.
Output: Important: Take immediate action.
Wrap text in * for italics.
This is *italicized* text.
Output: This is italicized text.
Use - for bullet points and numbers followed by . for numbered lists.
- Item 1
- Item 2
1. Step one
2. Step two
Output:
Use ~ for blockquotes.
~ This is a quoted statement.
Output:
This is a quoted statement.
Use % to embed an image. Format: %[alt text](url).
%[Sample Image](https://example.com/image.jpg)
Output: An image appears with the given URL.
Use %% to embed a video. Format: %%[alt text](url).
%%[Sample Video](https://example.com/video.mp4)
Output: A video player appears for the provided URL.
Here’s a complete configuration file:
! title: Security Breach Response Plan
! author: Jane Doe
@ Stage 1: Identification
! description
An unusual login attempt was detected.
# facilitator prompts
+ Ask the team to identify possible attack vectors.
+ Discuss recent security training and preparedness.
+ Explore options for immediate response.
? What action should be taken first?
+ Notify the security team
+ Investigate the login origin
+ Block the IP address
%[Incident Diagram](https://example.com/diagram.png)
@ Stage 2: Containment
! description
Contain the breach by isolating affected systems.
# facilitator prompts
+ Review logs for additional suspicious activity.
+ Coordinate with IT to isolate compromised systems.
+ Plan a communication strategy for stakeholders.
%%[Training Video](https://example.com/training.mp4)
Use this guide to create structured, readable, and actionable configuration files.