Students will gain experience with the widely-used open source Metasploit® framework and related tools for exploiting vulnerable software and insecure system configurations. The exercise leads students through the entire process, from scanning the network to getting remote shells and accessing sensitive information. By seeing the tools available to potential attackers, students will gain a greater appreciation for the need to keep software up-to-date and securely configured.
Prerequisites
Basic networking concepts (TCP/IP, DNS, etc.) and familiarity with the Unix/Linux command line.
Expected Duration
1 hour, self-paced. Pause and continue at any time.
1 CPE awarded on successful completion.
Availability
Included if you are a subscriber to any of the following training packages:
- Level 1: CYRIN Enterprise Instructional Labs
- Level 2: Attack/Defense/IR Exercises and Instructional Labs
- Level 3: Attack Scenarios, Attack/Defense/IR Exercises, and Instructional Labs
- Essential Tools for Cybersecurity
- Vulnerability Scanning Package
- Introduction to Cybersecurity Lab Package
- Introduction to Network Security Lab Package
- Secure Software Assessor
- Cyber Defense Analyst 1
- Cyber Operator 1
- Vulnerability Assessment Analyst 1
- Target Developer 1
- Systems Security Analyst 1
- Security Architect
- Authorizing Official/Designating Representative
- Vulnerability Assessment and Management NICE Specialty Area Package
- Exploitation Analysis 1 NICE Specialty Area Package
Students will use the free OpenVAS web tool suite to identify vulnerabilities in services available on an unknown network. The network will include several targets with known-vulnerable software versions and/or configurations.
Prerequisites
Basic operating system security concepts, networking concepts (TCP/IP, DNS, etc.), and familiarity with the Unix/Linux command line.
Expected Duration
2 hours, self-paced. Pause and continue at any time.
2 CPEs awarded on successful completion.
Availability
Included if you are a subscriber to any of the following training packages:
- Level 1: CYRIN Enterprise Instructional Labs
- Level 2: Attack/Defense/IR Exercises and Instructional Labs
- Level 3: Attack Scenarios, Attack/Defense/IR Exercises, and Instructional Labs
- Vulnerability Scanning Package
- Secure Software Assessor
- Target Developer 2
- Systems Security Analyst 2
- Vulnerability Assessment and Management NICE Specialty Area Package
- Authorizing Official/Designating Representative
- Exploitation Analysis 1 NICE Specialty Area Package
Students will build on the results of labs in the Web Application Security Analysis and Network Monitoring categories by using the SPARTA network infrastructure penetration testing tool, a graphical application that automates many common vulnerability assessment tasks. Students will use SPARTA within a graphical Kali Linux environment, scanning multiple unknown target systems and exploring found weaknesses.
Prerequisites
Basic web application knowledge (HTTP, URL parameters, etc.), networking concepts (TCP/IP, DNS, etc.), and familiarity with the Unix/Linux command line.
Expected Duration
2 hours, self-paced. Pause and continue at any time.
2 CPEs awarded on successful completion.
Availability
Included if you are a subscriber to any of the following training packages:
- Level 1: CYRIN Enterprise Instructional Labs
- Level 2: Attack/Defense/IR Exercises and Instructional Labs
- Level 3: Attack Scenarios, Attack/Defense/IR Exercises, and Instructional Labs
- Essential Tools for Cybersecurity
- Vulnerability Scanning Package
- Secure Software Assessor
- Cyber Operator 1
- Vulnerability Assessment Analyst 1
- Target Developer 1
- Systems Security Analyst 1
- Security Architect
- Authorizing Official/Designating Representative
- Vulnerability Assessment and Management NICE Specialty Area Package
- Exploitation Analysis 2 NICE Specialty Area Package
