Welcome to our Cyber Defense Lab - Your Gateway to Practitioner-focused Cybersecurity Training.
So you have acquired some entry-level certifications without having the skills and abilities needed to perform the job duties of an entry-level professional? Come try your hand at our scenarios and exercises to develop the muscle memory needed to have meaningful conversations with potential employers.
Lab Exercises
• Knowledge-based exercise
Data Breach Notification by an External Party
A data breach is a security violation in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so. Other terms are unintentional information disclosure, data leak, information leakage, and data spill.
• Knowledge-based exercise
Responding to a Phishing E-mail Storm
Social Engineering attacks, mostly Phishing, remain one of the most potent cyber-attack tactics. An email account can be compromised in a number of different ways. In some cases, a weak password may be easily cracked, guessed, or obtained through a public breach. In other cases, an unsuspecting or untrained user may unwittingly hand his/her password to criminals by clicking on a malicious link in an email, social networking site, or webpage.
• Knowledge-based exercise
Client-Side Attack: Drive by Download
Drive by download generally occurs in two ways. The first way is when a user takes an action (e.g. clicks on a link or installs malicious software) without knowing its full implications, while the second way is when a user unwittingly visits a compromised website, which then redirects the traffic to another site where malicious code or a file is served to the end user’s computer.
• Knowledge-based exercise
Ransomware Defense and Payment Decision
On May 7, 2021, Colonial Pipeline, an American oil pipeline system that originates in Houston, Texas, and carries gasoline and jet fuel mainly to the Southeastern United States, suffered a ransomware cyber attack that impacted computerized equipment managing the pipeline. The Colonial Pipeline Company halted all pipeline operations to contain the attack.
• Knowledge-based exercise
Lost or Stolen Laptop Incident
As the cyber defense analyst on shift on a particular day, you received a call from one of your colleagues in the Legal department about her missing laptop. This individual could not categorically state whether the laptop was lost or stolen apart from letting you know that it was probably left on a train. Your colleague is very concerned because the missing laptop contains a lot of sensitive information related to ongoing litigations, as well as personal data of more than 5,000 employees.
Lab Skill-based Scenarios
• Skill-based scenario
Investigating Reconnaissance Activities
Reconnaissance or fingerprinting activities usually take place during the early stages of a cyber attack. This is how cyber adversaries obtain intelligence about possible paths, and indeed, the paths of least resistance into their target environment. As a security analyst, your response actions should commence as early as possible in the cyber kill chain.
• Skill-based scenario
External Attack Against a Webserver
One common way by which hackers gain unauthorized access to an enterprise environment is via a victim organization’s web facing infrastructure. For instance, in July 2017, Equifax system administrators discovered that attackers had gained unauthorized access via the Internet to the online dispute portal that maintained documents used to resolve consumer disputes (see figure 1).
• Skill-based scenario
Investigating Unauthorized Access Attempts
File integrity monitoring is a technical cyber security control which primarily detects and alerts on unauthorized changes to critical system files. The idea behind file integrity monitoring is that for any malicious code to do damage to a system, it must alter some files. So, when such an event happens, the security analyst must be prompted into conducting an investigation.
• Skill-based scenario
Detecting Command Execution
Anomaly detection refers to the action of finding patterns in a protected system that do not match the expected behavior. Wazuh uses a broad-spectrum approach to finding anomalous patterns that indicate possible intrusions.
• Skill-based scenario
From SSRF Vulnerability Exploitation to Data Exfiltration
Hilldale, a Fintech entity, suffered a high-impact cyber-attack at the hands of an individual hacker who successfully exploited vulnerabilities in its systems. Once a primary target, an EC2 instance, was acquired, a server-side request forgery (SSRF) vulnerability in Apache was successfully exploited to conduct internal reconnaissance and acquire valid credentials with permissions that allowed broad access to S3 buckets containing personal data of almost 10 million customers.
• Skill-based scenario
Threat Hunting with an Industry Leading EDR Solution
Master the art of threat hunting as you learn how to search for threats not surfaced through alerting.
• Skill-based scenario
Researching Suspicious Historical Events
Monitoring security events and responding to events of interest on a near-real time basis is always the most desirable situation. However, this is not always possible, especially where an organization lacks adequate human resources. For organizations in this type of situation, one useful way of maintaining awareness of security events on their network, albeit retrospectively, is by researching historical events to find any activities that may warrant analysis and other response actions.
• Skill-based scenario
Investigating Malicious Command Execution
Malicious command execution is one of many important security events to which any security analyst must pay close attention, because this is how malicious individuals typically compromise a system or maintain greater control over it.
• Skill-based scenario
Detection and Analysis of Reverse Shell Traffic
A reverse shell allows attackers to bypass network security controls by instructing a compromised computer to initiate outbound communication to an attacker’s machine external to the network. Most organizations pay a lot of attention to perimeter defense, which makes it relatively hard for an attacker to initiate inbound traffic from outside of a target’s network.
• Skill-based scenario
Investigating Data Exfiltration Activity
Data exfiltration is typically the last stage of a cyber attack. It occurs when a cyber adversary with access to an internal network harvests and transfers confidential information of the breached entity (or its customers) to an external location. Another term used to describe this act is data theft. There is a common saying that “data is the destination for hackers; everything else is a means to this end”.
• Skill-based scenario
Hunting Down a Web Shell Attack
A web shell (i.e., a shell that can be accessed through the web) attack is commonly used to gain an initial foothold in a network through exploitation of a vulnerability on a website.
• Skill-based scenario
Anomaly Detection and Investigation
Anomaly detection refers to the action of finding patterns in a protected system that do not match the expected behavior. Wazuh uses a broad-spectrum approach to finding anomalous patterns that indicate possible intrusions.
Cyber Defense Lab
Ready to enhance your existing skills or gain new ones? Dive into our cyber defense lab to experience what working as a security analyst feels like. Our skill-based scenarios and knowledge-based exercises are designed and developed based on what you are guaranteed to experience in the real world.