Students play the role of a network security administrator of an enterprise. They are told that a host on the Internet has been persistently scanning their network.
They will use CVA/H tools to determine:
- The service being targeted by the attacker.
- If the attackers succeeds in finding and exploiting a vulnerability in this service.
Finally, they must block the attacker from the network.
After the attack is blocked, students will learn to exploit the vulnerability in the service.
Prerequisites
- Configure a pfSense firewall and router.
- Create Suricata IDS alerts.
- Analyze information displayed on a Kibana dashboard.
Expected Duration
2 hours, self-paced. Pause and continue at any time.
2 CPEs awarded on successful completion.
In this exercise the student is presented with an OT (Operational Technology) network that controls the HVAC system for a building. Malware in the network has forced the temperature in the network to uncomfortably low values.
The student is tasked with finding the source of the Modbus commands forcing the low temperatures: the computer originating the commands and the malware process on the computer. The malware might have hidden itself; the student must unhide the process and kill it.
Expected Duration
2 hours, self-paced. Pause and continue at any time.
2 CPEs awarded on successful completion.