The following lab packages cross multiple specialty areas in order to give you a broad overview of their topic areas.

Labs that introduce students to a variety of cybersecurity tools ranging from penetration testing, vulnerability assessment, forensics, and malware analysis.

  1. Identifying Live Machines and Services on an Unknown Network. Students will perform scans on a local network to find live machines, identify their operating systems, and locate open network ports. With the open ports identified, they will check to see what services are running on each port and, where possible, extract information about the server software from the "banner" information it sends on each connection.
  2. Service Identification I. Students will use multiple tools to identify services, including software package and version information, running on unknown systems.
  3. Introduction to Metasploit. Metasploit is commonly used by network managers to discover vulnerabilities in a wide variety of software applications, as well as by attackers to exploit those same vulnerabilities.
  4. Web Application Security Analysis using OWASP-ZAP. This lab introduces the OWASP-ZAP security tool and allows students to practice discovering and analyzing vulnerabilities, such as SQL injection and cross-site scripting (XSS), in web applications and web sites.
  5. DoS Attacks and Defenses. This lab teaches three different Denial of Service attacks and techniques to mitigate them: (1) A TCP SYN Flood attack that exploits a weakness in the design of the TCP transport protocol, (2) A slow HTTP attack called Slowloris that takes advantage of how HTTP servers work, (3) A DNS amplification attack that exploits misconfigured DNS servers, of which there are plenty on the Internet.
  6. Intrusion Detection using Zeek (formerly Bro). Students will learn how to deploy, configure and customize a Zeek Network Intrusion Detection System (NIDS). They will customize Zeek to generate enterprise-specific logs and to send email notifications of events of interest. They will also create a simple Zeek plugin, using the Zeek scripting language, to detect and block brute-force SSH login attempts.
  7. Host IDS Setup with OSSEC. Students learn how to configure and run the widely-used, free OSSEC Host Intrusion Detection System (HIDS). During the exercise, students will learn how to check for rootkits using OSSEC, how to verify file integrity, how to set up passive and active responses, and more. Host intrusion detection is critical to maintaining a secure system, and is required by HIPAA and PCI regulations, both of which OSSEC can help you meet.
  8. Log Analysis with RSYSLOG. This lab teaches students to set up and configure a central RSYSLOG server that will receive and store logs from FreeBSD, Linux and Windows clients. Students will learn to configure log forwarding on the clients, and log rotation and filtering on the server. They will also learn to use Logwatch to analyze logs and fail2ban to automatically respond to suspicious activity found in the logs.
  9. Firewall Configuration with pfSense. Students will learn to secure and configure the widely used, open-source pfSense firewall. They will learn to create firewall rules, the order in which rules are applied, how pfSense aliases can be used to simplify the pfSense rule set, and how to secure pfSense itself. They will also learn to view statistics and logs collected by pfSense.
  10. Introductory File System Forensics. File systems store the vast majority of forensically-relevant information about cybercrimes. This lab will introduce you to the process of imaging and forensically analyzing disks, including finding artifacts such as deleted files.

Prerequisites

Prerequisites vary by lab, but are generally: familiarity with the Unix/Linux command line and basic networking concepts (TCP/IP, DNS, etc.).

Expected Duration

19 hours, self-paced. Pause and continue at any time.
19 CPEs awarded on successful completion.

Cost

$915 for 6 months of access.

Training Package

A collection of labs that introduce students to threats to computer networks, and techniques to mitigate them.

  1. Identifying Live Machines and Services on an Unknown Network. Students will use tools such as nmap, unicornscan, and fping to identify systems on a local network, including both Unix and Windows targets. Students will identify the operating systems these systems are running, as well as the types of network services they are providing.
  2. Service Identification I. Students will use common command line tools such as Nmap, nbtscan, onesixtyone, snmpwalk, and Metasploit to identify services, including software package and version information, running on unknown systems. Network services to be targeted include those running on non-standard ports or behind firewall rules.
  3. DoS Attacks and Defenses. This lab teaches three different Denial of Service attacks and techniques to mitigate them: (1) A TCP SYN Flood attack that exploits a weakness in the design of the TCP transport protocol, (2) A slow HTTP attack called Slowloris that takes advantage of how HTTP servers work, (3) A DNS amplification attack that exploits misconfigured DNS servers, of which there are plenty on the Internet.
  4. Protocol Analysis I: Wireshark Basics. Where do you begin in network traffic analysis? Learn the process for examining a live or pre-recorded packet capture file using graphical tools such as Wireshark. Is there malicious activity? Learn to think like an attacker, going through the same methods the attacker would, to assess whether what you're seeing is "normal" or signs of an attack. At the same time, students will run basic network scans using nmap, while seeing how they appear in Wireshark. Finally, students will analyze packet traces indicative of HTTP-based attacks.
  5. Intrusion Detection using Zeek (formerly Bro). Students will learn how to deploy, configure and customize a Zeek Network Intrusion Detection System (NIDS). They will customize Zeek to generate enterprise-specific logs and to send email notifications of events of interest. They will also create a simple Zeek plugin, using the Zeek scripting language, to detect and block brute-force SSH login attempts.
  6. Firewall Configuration with pfSense. Students will learn to secure and configure the widely used, open-source pfSense firewall. They will learn to create firewall rules, the order in which rules are applied, how pfSense aliases can be used to simplify the pfSense rule set, and how to secure pfSense itself. They will also learn to view statistics and logs collected by pfSense.
  7. VPN Server Configuration with OpenVPN. Students will learn to configure and set up an OpenVPN server. OpenVPN is an open-source virtual private network (VPN) solution. VPNs extend a private network over a public network, allowing users to send and receive data across the public network as if they were directly connected to the private network. Students will learn to set up a Certificate Authority to create the keys and certificates needed to (1) authenticate users (VPN clients) and the VPN server and (2) encrypt communication between the two. They will also learn how to revoke client certificates.
  8. Split-Horizon DNS Configuration using BIND. Hackers shouldn’t be able to explore your internal network. To make sure they do not, you need to learn about split-horizon DNS configuration. And it might help to know something about BIND, probably the most used DNS software on the internet. In this lab, students will configure a split-horizon DNS infrastructure that consists of two DNS servers: an External DNS server and an Internal DNS server. The External DNS lives in the organization's DMZ network; it is used by external hosts to resolve names of servers in the DMZ. The Internal DNS lives in the organization's internal network and is reachable only by hosts on the internal network. It resolves names of hosts on the internal network.
  9. Log Analytics with Elastic Stack. Elastic Stack is a group of services designed to take data from almost any type of source and in almost any type of format, and to search, analyze and visualize that data in real time. In this lab, Elastic Stack will be used for log analytics. Students will learn to set up and run the Elasticsearch, Logstash and Kibana components of Elastic Stack. Multiple computers in a small network will forward their logs to a central server where they will be processed by Elastic Stack. Students will use Kibana to view logs, filter them and set up dashboards. Information in the logs will be used to identify and block an ongoing attack.
  10. Introduction to Metasploit. Students will gain experience with the widely-used open source Metasploit® framework and related tools for exploiting vulnerable software and insecure system configurations. The exercise leads students through the entire process, from scanning the network to getting remote shells and accessing sensitive information. By seeing the tools available to potential attackers, students will gain a greater appreciation for the need to keep software up-to-date and securely configured.

Prerequisites

Prerequisites vary by lab, but are generally: familiarity with the Unix/Linux command line and basic networking concepts (TCP/IP, DNS, etc.).

Expected Duration

19 hours, self-paced. Pause and continue at any time.
19 CPEs awarded on successful completion.

Cost

$915 for 6 months of access.

Training Package

Topics covered include host and network-based intrusion detectors, securing the network using firewalls and VPNs, detecting intrusions and anomalous activity by analyzing logs and network packets, and ensuring web applications hosted on the network are secure.

  1. Host IDS Setup with OSSEC. Students learn how to configure and run the widely-used, free OSSEC Host Intrusion Detection System (HIDS). During the exercise, students will learn how to check for rootkits using OSSEC, how to verify file integrity, how to set up passive and active responses, and more. Host intrusion detection is critical to maintaining a secure system, and is required by HIPAA and PCI regulations, both of which OSSEC can help you meet.
  2. Introductory IDS Configuration with Snort. Students will learn how to configure an Intrusion Detection System (IDS) to examine traffic to/from a firewall. The popular Snort® IDS will be used in this exercise. The exercise will include both harmless background traffic and potentially-malicious traffic to be detected by Snort.
  3. Intrusion Detection using Zeek (formerly Bro). Students will learn how to deploy, configure and customize a Zeek Network Intrusion Detection System (NIDS). They will customize Zeek to generate enterprise-specific logs and to send email notifications of events of interest. They will also create a simple Zeek plugin, using the Zeek scripting language, to detect and block brute-force SSH login attempts.
  4. Firewall Configuration with pfSense. Students will learn to secure and configure the widely used, open-source pfSense firewall. They will learn to create firewall rules, the order in which rules are applied, how pfSense aliases can be used to simplify the pfSense rule set, and how to secure pfSense itself. They will also learn to view statistics and logs collected by pfSense.
  5. VPN Server Configuration with OpenVPN. Students will learn to configure and set up an OpenVPN server. OpenVPN is an open-source virtual private network (VPN) solution. VPNs extend a private network over a public network, allowing users to send and receive data across the public network as if they were directly connected to the private network. Students will learn to set up a Certificate Authority to create the keys and certificates needed to (1) authenticate users (VPN clients) and the VPN server and (2) encrypt communication between the two. They will also learn how to revoke client certificates.
  6. Split-Horizon DNS Configuration using BIND. Hackers shouldn’t be able to explore your internal network. To make sure they do not, you need to learn about split-horizon DNS configuration. And it might help to know something about BIND, probably the most used DNS software on the internet. In this lab, students will configure a split-horizon DNS infrastructure that consists of two DNS servers: an External DNS server and an Internal DNS server. The External DNS lives in the organization's DMZ network; it is used by external hosts to resolve names of servers in the DMZ. The Internal DNS lives in the organization's internal network and is reachable only by hosts on the internal network. It resolves names of hosts on the internal network. The lab uses BIND, the most popular DNS server in use today.
  7. Log Analysis with RSYSLOG. This lab teaches students to set up and configure a central RSYSLOG server that will receive and store logs from FreeBSD, Linux and Windows clients. Students will learn to configure log forwarding on the clients, and log rotation and filtering on the server. They will also learn to use Logwatch to analyze logs and fail2ban to automatically respond to suspicious activity found in the logs.
  8. Analyzing Potential Malware. Malware is distributed as seemingly innocent executables or documents. This lab will help students determine if a file may contain malware. They will use the Cuckoo sandbox to run the suspect executable and look for signs of malicious behavior. Malware is often packed (compressed) to avoid detection by anti-virus programs and to make analysis difficult. They will learn to use an assembly-level debugger to unpack a packed executable.
  9. Protocol Analysis I: Wireshark Basics. Where do you begin in network traffic analysis? Learn the process for examining a live or pre-recorded packet capture file using graphical tools such as Wireshark. Is there malicious activity? Learn to think like an attacker, going through the same methods the attacker would, to assess whether what you're seeing is "normal" or signs of an attack. At the same time, students will run basic network scans using nmap, while seeing how they appear in Wireshark. Finally, students will analyze packet traces indicative of HTTP-based attacks.
  10. Web Application Security Analysis using OWASP-ZAP. Students will use the OWASP program’s ZAP tool suite from within Kali Linux to scan multiple web services and document vulnerabilities. Students will see ZAP in action on a vulnerable web site where entire database tables are available to potential attackers.

Prerequisites

Prerequisites vary by lab, but are generally: familiarity with the Unix/Linux command line and basic networking concepts (TCP/IP, DNS, etc.).

Expected Duration

20 hours, self-paced. Pause and continue at any time.
20 CPEs awarded on successful completion.

Cost

$915 for 6 months of access.

Training Package