You’ve been hacked, or even only suspect you’ve been hacked. Now what?

Labs in this category guide you through approaches to addressing and managing the aftermath of an attack or security breach. You’ll get to experience actual attacks, within a controlled environment, so that the first time you see ransomware isn’t on your critical systems.

The labs in this category focus on the technical aspects of incident response, mitigation, and recovery, versus site-specific organizational policies or procedures.

Questions about which lab is right for you? Contact cyrin@atcorp.com.

This lab teaches three different Denial of Service attacks and techniques to mitigate them:

  1. A TCP SYN Flood attack that exploits a weakness in the design of the TCP transport protocol,
  2. A slow HTTP attack called Slowloris that takes advantage of how HTTP servers work,
  3. A DNS amplification attack that exploits misconfigured DNS servers, of which there are plenty on the Internet.

Prerequisites

Basic web application knowledge (HTTP, URL parameters, etc.), networking concepts (TCP/IP, DNS, etc.), and familiarity with the Unix/Linux command line.

Expected Duration

2 hours, self-paced. Pause and continue at any time.
2 CPEs awarded on successful completion.

Cost

$79 for 6 months of access.

Free if you are a subscriber to any of the following training packages:

  • Cyber Range Labs All Access Package
  • Level 1: CYRIN Enterprise Instructional Labs
  • Level 2: Attack/Defense/IR Exercises & Instructional Labs
  • Level 3: Utility Under Attack Scenarios, Attack/Defense/IR Exercises, & Instructional Labs
Educational Lab

Where do you begin in network traffic analysis? Learn the process for examining a live or pre-recorded packet capture file using graphical tools such as Wireshark. Is there malicious activity? Learn to think like an attacker, going through the same methods the attacker would, to assess whether what you're seeing is "normal" or signs of an attack. At the same time, students will run basic network scans using nmap, while seeing how they appear in Wireshark. Finally, students will analyze packet traces indicative of HTTP-based attacks.

Prerequisites

Basic familiarity with TCP/IP networking (advanced knowledge not required) and familiarity with the Unix/Linux command line.

Expected Duration

2 hours, self-paced. Pause and continue at any time.
2 CPEs awarded on successful completion.

Cost

$79 for 6 months of access.

Free if you are a subscriber to any of the following training packages:

  • Cyber Range Labs All Access Package
  • Essential Tools for Cybersecurity
  • Essential Tools for Network Engineering
  • Level 1: CYRIN Enterprise Instructional Labs
  • Level 2: Attack/Defense/IR Exercises & Instructional Labs
  • Level 3: Utility Under Attack Scenarios, Attack/Defense/IR Exercises, & Instructional Labs
Educational Lab

Build on what you learned in Protocol Analysis I, this time using command line tools and techniques. You will use the ubiquitous tcpdump program, starting with simple capture tasks and then building up to complex filtering and display options. In the process, you will dig deeply into TCP and IP header fields, learning how these can be used to find the traffic you're interested in. You will examine ICMP, SSH, and HTTP traffic, including that from web shells commonly used in attacks. With the techniques learned in this exercise, you will be able to gather and filter packet capture data from server systems, then later process it on graphical security operations workstations.

Prerequisites

The Protocol Analysis I lab or equivalent knowledge of Wireshark and TCP/IP packet capture. Familiarity with how to use the command line in Linux/Unix systems.

Expected Duration

2 hours, self-paced. Pause and continue at any time.
2 CPEs awarded on successful completion.

Cost

$79 for 6 months of access.

Free if you are a subscriber to any of the following training packages:

  • Cyber Range Labs All Access Package
  • Level 1: CYRIN Enterprise Instructional Labs
  • Level 2: Attack/Defense/IR Exercises & Instructional Labs
  • Level 3: Utility Under Attack Scenarios, Attack/Defense/IR Exercises, & Instructional Labs
Educational Lab

Students will learn to use the Cuckoo sandbox to determine if an executable or document is potential malware. If the executable is packed (compressed), they will learn to use a debugger to unpack it.

Prerequisites

Basic knowledge of computer architecture and assembly language, and familiarity with the Unix/Linux command line.

Expected Duration

2 hours, self-paced. Pause and continue at any time.
2 CPEs awarded on successful completion.

Cost

$79 for 6 months of access.

Free if you are a subscriber to any of the following training packages:

  • Cyber Range Labs All Access Package
  • Level 1: CYRIN Enterprise Instructional Labs
  • Level 2: Attack/Defense/IR Exercises & Instructional Labs
  • Level 3: Utility Under Attack Scenarios, Attack/Defense/IR Exercises, & Instructional Labs
Educational Lab