Welcome to our Cyber Defense Lab - Your Gateway to Practitioner-focused Cybersecurity Training.

So you have acquired some entry-level certifications without having the skills and abilities needed to perform the job duties of an entry-level professional? Come try your hand at our scenarios and exercises to develop the muscle memory needed to have meaningful conversations with potential employers.

• Knowledge-based exercise

Data Breach Notification by an External Party

A data breach is a security violation in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so. Other terms are unintentional information disclosure, data leak, information leakage, and data spill.

• Knowledge-based exercise

Responding to a Phishing E-mail Storm

Social engineering attacks, mostly phishing, remain one of the most potent cyber-attack tactics. An email account can be compromised in a number of different ways. In some cases, a weak password may be easily cracked, guessed, or obtained through a public breach. In other cases, an unsuspecting or untrained user may unwittingly hand his/her password to criminals by clicking on a malicious link in an email, social networking site, or webpage.

• Knowledge-based exercise

Client-Side Attack: Drive by Download

A drive-by download generally occurs in one of two ways. The first is when a user takes an action (e.g. clicks on a link or installs malicious software) without knowing its full implications; the second is when a user unwittingly visits a compromised website, which then redirects the traffic to another site where malicious code or a malicious file is served to the end user's computer.

• Knowledge-based exercise

Ransomware Defense and Payment Decision

On May 7, 2021, Colonial Pipeline, an American oil pipeline system that originates in Houston, Texas, and carries gasoline and jet fuel mainly to the Southeastern United States, suffered a ransomware cyber attack that impacted computerized equipment managing the pipeline. The Colonial Pipeline Company halted all pipeline operations to contain the attack.

• Knowledge-based exercise

Lost or Stolen Laptop Incident

As the cyber defense analyst on shift on a particular day, you received a call from one of your colleagues in the Legal department about her missing laptop. This individual could not categorically state whether the laptop was lost or stolen, apart from letting you know that it was probably left on a train. Your colleague is very concerned because the missing laptop contains a lot of sensitive information related to ongoing litigation, as well as personal data of more than 5,000 employees.

Lab Skill-based Scenarios

• Skill-based scenario

Investigating Reconnaissance Activities

Reconnaissance or fingerprinting activities usually take place during the early stages of a cyber attack. This is how cyber adversaries obtain intelligence about possible paths, and indeed the paths of least resistance, into their target environment. As a security analyst, your response actions should commence as early as possible in the cyber kill chain.

• Skill-based scenario

External Attack Against a Webserver

One common way by which hackers gain unauthorized access to an enterprise environment is via a victim organization's web-facing infrastructure. For instance, in July 2017, Equifax system administrators discovered that attackers had gained unauthorized access via the Internet to the online dispute portal that maintained documents used to resolve consumer disputes (see figure 1).

• Skill-based scenario

Investigating Unauthorized Access Attempts

File integrity monitoring is a technical cyber security control that primarily detects and alerts on unauthorized changes to critical system files. The idea behind file integrity monitoring is that for any malicious code to do damage to a system, it must alter some files. So, when such an event happens, the security analyst must be prompted to conduct an investigation.

• Skill-based scenario

Detecting Command Execution

Anomaly detection refers to the action of finding patterns in a protected system that do not match the expected behavior. Wazuh uses a broad-spectrum approach to finding anomalous patterns that indicate possible intrusions.

• Skill-based scenario

From SSRF Vulnerability Exploitation to Data Exfiltration

Hilldale, a Fintech entity, suffered a high-impact cyber-attack at the hands of an individual hacker who successfully exploited vulnerabilities in its systems. Once a primary target, an EC2 instance, was acquired, a server-side request forgery (SSRF) vulnerability in Apache was exploited to conduct internal reconnaissance and to acquire valid credentials with permissions that allowed broad access to S3 buckets containing the personal data of almost 10 million customers.

• Skill-based scenario

Threat Hunting with an Industry Leading EDR Solution

Master the art of threat hunting as you learn how to search for threats not surfaced through alerting.

Researching Suspicious Historical Events

Monitoring security events and responding to events of interest on a near-real-time basis is always the most desirable situation. However, this is not always possible, especially where an organization lacks adequate human resources. For organizations in this situation, one useful way of maintaining awareness of security events on their network, albeit retrospectively, is by researching historical events to find any activities that may warrant analysis and other response actions.

Investigating Malicious Command Execution

Malicious command execution is one of many important security events to which any security analyst must pay close attention because this is how malicious individuals typically compromise a system or maintain greater control over it.

Detection and Analysis of Reverse Shell Traffic

A reverse shell allows attackers to bypass network security controls by instructing a compromised computer to initiate outbound communication to an attacker’s machine external to the network. Most organizations pay a lot of attention to perimeter defense, which makes it relatively hard for an attacker to initiate inbound traffic from outside of a target’s network.

Investigating Data Exfiltration Activity

Data exfiltration is typically the last stage of a cyber attack. It occurs when a cyber adversary with access to an internal network harvests and transfers confidential information of the breached entity (or its customers) to an external location. Another term used to describe this act is data theft. There is a common saying that “data is the destination for hackers; everything else is a means to this end”.

• Skill-based scenario

Hunting Down a Web Shell Attack

A web shell (i.e., a shell that can be accessed through the web) attack is commonly used to gain an initial foothold in a network through exploitation of a vulnerability on a website.

• Skill-based scenario

Anomaly Detection and Investigation

Anomaly detection refers to the action of finding patterns in a protected system that do not match the expected behavior. Wazuh uses a broad-spectrum approach to finding anomalous patterns that indicate possible intrusions.

Cyber Defense Lab

Ready to enhance your existing skills or gain new ones? Dive into our cyber defense lab to experience what working as a security analyst feels like. Our skill-based scenarios and knowledge-based exercises are designed and developed based on what you are guaranteed to experience in the real world.

Two Twin Oaks, 227 N Loop 1604 E
San Antonio, TX 78232

© 2024 Cyberation, LLC. All Rights Reserved.