Immersive Lab-based Virtual Training for Cyber Security Professionals
Available with Cybrary for Business and Cybrary Insider Pro, this premium application aligns with the NIST Cyber Security Workforce Framework to provide a catalog of immersive labs that quantify a user’s ability around incident response, malware analysis, exploitation, penetration testing and vulnerability assessment, reverse engineering, information assurance and cyber forensics.

Immersive labs aligned to the NIST Cyber Security Workforce Framework
Categorized by work role, the following browser-based labs come pre-loaded with all the software and tools needed. Access real desktops and servers and learn anywhere, anytime: as long as you have an internet connection you can get into any of our labs.

CYBRScore comes with a regularly updated catalog of labs to develop core cyber security skills:
Additional Scanning Options
Students will leverage Nmap, a network discovery and mapping tool, to identify the systems on a network of responsibility.  Students will utilize non-traditional scans to attempt avoiding an Intrusion Detection System (IDS).

Advanced Techniques for Malware Recovery
Students will use the SysInternals Suite of utilities to analyze processes, DLLs, registry edits and other auto start functions to locate and remove malicious software from an infected Windows 7 victim machine.

Analyze and Classify Malware
In this lab you will attempt to conduct basic analysis on some malware samples that were found on the internal network.

Analyze and Update a Company BCP/BIA/DRP/CIRP
Students will become familiar with the Business Continuity Plan (BCP), Business Impact Assessment (BIA), Disaster Recovery Plan (DRP) and Computer Incident Response Plan (CIRP).  Each of these documents is used to address a different, but related, aspect of continuing or recovering business functionality during and after an incident. During the course of the lab, students will perform a gap analysis using the provided BCP, BIAs and DRP, and make the necessary fixes to the DRP.

Analyze Browser-based Heap Spray Attack
Students will identify a browser-based attack used against a corporate asset using a network protocol analyzer.  Students will determine the type of attack used and pinpoint exploit code in network traffic.

Analyze Malicious Activity in Memory Using Volatility
Students will use the open source Volatility tool to analyze a memory snapshot and determine what malicious software has infected the victim machine.

Analyze SQL Injection Attack
Students will identify the use of SQL injection in captured traffic using Wireshark.  They will also isolate the different components of the injected SQL and execute the selected code to confirm what it does.
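
Picking injected SQL out of captured HTTP traffic is mostly a matter of URL-decoding the query string (twice, to defeat double encoding) and matching the common injection shapes. The script below is an added example, not material from the lab or from Cybrary; the request lines and hostnames in it are constructed for illustration, and the pattern labels (tautology, union-based, comment-terminated, time-based) are names chosen here rather than a standard taxonomy.

```python
import re
from urllib.parse import unquote_plus

# Constructed HTTP request lines, as they would appear in a Wireshark "Follow TCP
# Stream" view. Paths and parameters are hypothetical.
SAMPLE_REQUESTS = [
    "GET /products.php?id=42 HTTP/1.1",
    "GET /products.php?id=42%27%20OR%20%271%27%3D%271 HTTP/1.1",
    "GET /login.php?user=admin%27--&pass=x HTTP/1.1",
    "GET /search.php?q=hello%20world HTTP/1.1",
    "GET /products.php?id=42%20UNION%20SELECT%20username%2Cpassword%20FROM%20users HTTP/1.1",
    "GET /products.php?id=42;%20WAITFOR%20DELAY%20%270:0:5%27 HTTP/1.1",
    # Double-encoded tautology: %2527 decodes to %27, which decodes to a quote.
    "GET /products.php?id=42%2527%2520OR%2520%25271%2527%253D%25271 HTTP/1.1",
]

# Each pattern targets one injection technique. The labels are this example's own.
SQLI_PATTERNS = [
    (re.compile(r"'\s*(or|and)\s+'?\w+'?\s*=\s*'?\w+", re.I), "tautology"),
    (re.compile(r"union\s+(all\s+)?select", re.I), "union-based"),
    (re.compile(r"'\s*(--|#|/\*)", re.I), "comment-terminated"),
    (re.compile(r"\b(sleep|waitfor\s+delay|benchmark)\b", re.I), "time-based"),
]


def decode_request_line(line):
    """Split a request line into (method, path, decoded query string).

    The query is decoded twice so that double-encoded payloads such as %2527
    are seen the way the back-end database will eventually see them. A literal
    '+' in the original is also turned into a space, which is acceptable here
    because the goal is detection, not exact reconstruction.
    """
    method, target, _version = line.split(" ", 2)
    path, _sep, query = target.partition("?")
    decoded = unquote_plus(unquote_plus(query))
    return method, path, decoded


def classify_request(line):
    """Return the list of technique labels matched in the decoded query; [] if clean."""
    _method, _path, query = decode_request_line(line)
    return [label for pattern, label in SQLI_PATTERNS if pattern.search(query)]


def scan_requests(lines):
    """Return (request line, labels) for every request that matched at least one pattern."""
    findings = []
    for line in lines:
        labels = classify_request(line)
        if labels:
            findings.append((line, labels))
    return findings


if __name__ == "__main__":
    for line, labels in scan_requests(SAMPLE_REQUESTS):
        print(", ".join(labels).ljust(20), line)
```

Pattern matching like this is a triage aid, not a verdict: it will miss payloads that avoid quotes entirely and can fire on legitimate text that happens to contain `union select`, so each hit still needs the server's response in the same stream checked for signs that the injected SQL actually ran.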

Analyze Structured Exception Handler Buffer Overflow Exploit
Students will identify the use of a Buffer Overflow exploit through the use of Wireshark and by analyzing items found in the captured traffic.  The students will also find the exploit code and isolate the different aspects of a Buffer Overflow exploit.

Analyze Various Data Sources to Confirm Suspected Infection
Students will review network traffic to confirm the presence of malicious activity using various tools including Wireshark and VirusTotal.com.

Applying Filters to TCPDump and Wireshark – Scored
This lab exercise is designed to allow the trainee to become familiar with applying a capture filter to TCPDump and Wireshark using Berkeley Packet Filter (BPF) syntax.

Assess A High-Risk System
Systems that are required to provide remote or public customer access should be placed in a Demilitarized Zone (DMZ).  The DMZ is a separate network segment set aside for public access that does not give attackers access to sensitive internal network assets.  If public-facing (Internet) servers were hosted on the internal network, an attacker could breach the server and use trust relationships or configurations to burrow further into the internal network.

Auditing Service Accounts and Creation of Service Accounts To Run Specific Services
Students will explore the auditing of service accounts in a Windows Environment.  Students will then replace services running with the administrator account with accounts that are appropriate for that running service.

Automated Vulnerability Assessments
Students will use Core Impact to conduct an automated vulnerability scan of specific systems in order to identify potential threat vectors.

Baseline Systems in Accordance with Policy Documentation
Students are provided a whitelist of applications allowed for installation on a system.  Students will compare the list against multiple hosts and remove the installed applications which are not on the list.

BCP DRP and Test Planning
Students will become familiar with the Business Continuity Plan (BCP), Business Impact Assessment (BIA) and Disaster Recovery Plan (DRP).  During the course of the lab, students will perform a gap analysis on the provided BCP, BIAs and DRP, and make the necessary fixes to those documents.  After revising the previous documents the students will create a test for the covered assets, procedures and personnel.

BitLocker Setup
This lab shows the student how to set up BitLocker on a Windows 8.1 Professional system.

Block Incoming Traffic on Known Port
In this lab, the student will respond to an incident by blocking incoming traffic on a known port from a specific IP.

Centralized Monitoring
In this lab you will manually upload log data to Splunk. You will also configure Splunk and Linux syslog to automate the process of centrally collecting log data.

Check for Indicators of Other Attack Activity (Debug PE File)
Students will check for indications of other attack activity.

Comparing Controls
Students will evaluate policies in place on a domain and apply those policies in accordance to organizational standards.

Comprehensive Threat Response
In this final lab we will attempt to exercise all the relevant skills found in this domain.  We are focusing on responding to incidents and the skills needed to address these sorts of problems at the “Practitioner” level.

Conduct Log Analysis and Cross Examination for False Positives
Students will confirm the validity of event-data analysis to eliminate false-positive events.

Core Impact Vulnerability Scan
This exercise will introduce students to the advanced settings within Core Impact. Students will modify scan settings to perform different types of scans and to learn about the different functionalities Core Impact provides. Students will then compare the results of a Core Impact scan to the results of a port scan against the same target and discuss the differences and similarities between the two tools. Lastly, students will use the reporting feature to generate Core Impact reports.

Core Impact Web Application Penetration Testing
This lab introduces students to the web application penetration testing suite within the Core Impact application.

Create Custom Snort Rules
You will configure Snort as an IDS.  You have also received a set of indicators (supplied in the lab) during an active intrusion investigation.  You will disable the existing Snort rules, write a custom rule built from those indicators, and test it against a packet capture before deploying it to detect matching network activity.

Creating a Baseline Using the Windows Forensic Toolchest (WFT)
Students will run Windows Forensic Toolchest against an existing system to create a baseline that will be used for future analysis.

Creating a List of Installed Programs, Services and User Accounts from a WIN2K12 Server
Students will create a list of installed programs, services, and accounts in a Windows 2012 server environment using various tools and methods.

Creating a Secondary Baseline and Conducting Comparison
Students will create a second baseline using the Windows Forensic Toolchest (WFT) and compare it against a previously created baseline using KDiff3.

Creating Recommendations Based on Vulnerability Assessments – Scored
Students will use nmap and OpenVAS / Greenbone Vulnerability Scanner to confirm old vulnerable systems and discover new ones.  They will perform a risk analysis of the findings and determine steps to be taken to mitigate the issues discovered.  Finally, armed with a previously completed audit report as an example, they will fill out the necessary audit documentation to provide details on their findings and any suggested mitigations.

Creating SIEM Reports with Splunk
Students will walk through the creation of SIEM reports using Splunk.

Creation of BCP and DRP
Students will be required to create two documents: a Business Continuity Plan (BCP) and a Disaster Recovery Plan (DRP). Both documents deal with worst case scenarios concerning how to keep business going despite the occurrence of a natural disaster, catastrophic accident or serious man-made incident.

Creation of Standard Operating Procedures for Recovery – Scored
Students will have access to the results of a vulnerability scan run against a sample Windows 2008 Server.  They will perform any necessary remediations to the server by applying a variety of patches and system/firewall tweaks in order to further harden it.  Next, they will run a follow-up scan to ensure that the previously discovered weaknesses have been mitigated down to a reasonable level of risk.  After the verification scan has been completed, they will author a Standard Operating Procedure to help others walk through the same mitigation process, enabling them to perform the same actions on other Windows 2008 servers.

Cybersecurity Testing with Core Impact – Scored
Students use Core Impact to enumerate a local area network and discover vulnerable machines through a vulnerability scan. Based on the results of the vulnerability scan, students use Core Impact to conduct a penetration test against a previously identified vulnerable machine. Finally, students use the reporting mechanism built into Core Impact to create a host-based assessment outlining the entire vulnerability/penetration test process with a focus on possible remediation actions.

Data Backup and Recovery
In this lab we will simulate the recovery phase where we must perform a backup in a server environment.

Data Backup to Prep for Recovery
In this lab we will simulate the recovery phase where we must perform a backup in a server environment.

Data Recovery with Autopsy
Students will ingest and process a previously acquired forensic image using Autopsy.  The focus of the lab will be on recovering data from the image, reviewing the supplied forensic report and verifying that the image is forensically sound.

Denial of Service PCAP Analysis
The student will act as attacker and defender in this scenario.  They will receive experience using a custom denial of service python script, and then will switch over to the defensive side.  On defense they will need to detect the activity, design firewall rules to block the DoS, implement the rules and then check their effectiveness.

Detect the Introduction and Execution of Malicious Activity
In this lab, the student will simulate browsing to a website and downloading a malicious file, then learn how to detect the introduction and execution of malicious activity on a Windows 7 machine.

DNS as a Remote Shell
This lab exercise is designed to allow the trainee to become familiar with recognizing remote shells that operate using well known ports such as DNS.

Dynamic Malware Analysis Capstone
Students will use two virtual machines, inside a protected network, to observe configuration changes on a known good / clean system and all of the unusual network traffic generated by the suspect software they will be analyzing.  On the clean system they will use Regshot, Argon Network Switcher, Process Hacker, Process Monitor and Noriben to gather details on what the suspicious program is actually doing.  On a second support machine they will set up a fake DNS server to receive all suspicious traffic, and pass that traffic over to Wireshark for further analysis.  This lab will continue to foster tool familiarization and will provide the students an introduction to capturing network traffic by using a simple “man-in-the-middle” system.

Event Log Collection
In this lab you will use Splunk Enterprise to ingest logs from a local host for analysis.

Firewall Setup and Configuration – Scored
In this lab you will perform the steps necessary to set up a pfSense firewall from the basic command line interface and then configure the firewall using the web configuration GUI on a Windows machine. This lab will provide an understanding of how network interfaces are configured to allow network connectivity. You will also view and create a firewall rule, which reinforces your understanding of how network traffic can be managed at different levels (IP-based, protocol-based, machine-based, etc.).

Gap Analysis of Firewall Rules
Students will log into an organization’s firewall, document the existing firewall rules, analyze those rules and make recommendations based on this analysis.  Students will then make the necessary changes.

Host Data Integrity Baselining
This lab takes the trainee through basic concepts regarding establishing baselines of files and directories with Kali Linux and Windows 7. In the first part of the lab, the trainee will establish a baseline of the passwd file within Kali Linux, and in the second part the trainee will establish a baseline of the C:\ drive within Windows 7.
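
The baselining in this lab and the baseline comparison in “Creating a Secondary Baseline and Conducting Comparison” rest on the same idea: hash every file once, store the digests, hash again later and diff the two sets. The script below is an added example, not lab material or Cybrary code. It builds a SHA-256 baseline of a directory tree in the two-space `hash  path` format that `sha256sum -c` also reads, then reports what was added, removed or modified; the directory contents, the `backdoor` account line, the `dropper.sh` file and the `baseline.sha256` file name are all constructed for the demonstration.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root):
    """Map each regular file under root (relative, '/'-separated path) to its SHA-256.

    Symlinks are skipped so an attacker cannot swap in a link that points at a
    clean file and have the link's target hashed instead of the real file.
    """
    baseline = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = sha256_file(full)
    return baseline


def save_baseline(baseline, path):
    """Write 'hash  relative/path' lines, the format `sha256sum -c` accepts."""
    with open(path, "w") as fh:
        for rel in sorted(baseline):
            fh.write(f"{baseline[rel]}  {rel}\n")


def load_baseline(path):
    """Read a file written by save_baseline back into a dict."""
    baseline = {}
    with open(path) as fh:
        for line in fh:
            digest, rel = line.rstrip("\n").split("  ", 1)
            baseline[rel] = digest
    return baseline


def compare_baselines(old, new):
    """Return the paths added, removed and modified between two baselines."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }


def demo():
    """Constructed scenario: baseline a tiny tree, tamper with it, compare."""
    with tempfile.TemporaryDirectory() as root:
        etc = os.path.join(root, "etc")
        os.makedirs(etc)
        with open(os.path.join(etc, "passwd"), "w") as fh:
            fh.write("root:x:0:0:root:/root:/bin/bash\n")
        with open(os.path.join(etc, "hostname"), "w") as fh:
            fh.write("lab-host\n")
        baseline_path = os.path.join(root, "baseline.sha256")  # hypothetical name
        save_baseline(build_baseline(root), baseline_path)

        # Simulated compromise: uid-0 account appended, dropper written, file deleted.
        with open(os.path.join(etc, "passwd"), "a") as fh:
            fh.write("backdoor:x:0:0::/:/bin/bash\n")
        with open(os.path.join(root, "dropper.sh"), "w") as fh:
            fh.write("#!/bin/sh\necho constructed dropper\n")
        os.remove(os.path.join(etc, "hostname"))

        first = load_baseline(baseline_path)
        second = build_baseline(root)
        second.pop("baseline.sha256", None)  # the stored baseline is not part of the tree
        return compare_baselines(first, second)


if __name__ == "__main__":
    print(demo())
```

Store the baseline file somewhere the monitored host cannot write to (a read-only share or the analyst's own workstation): a baseline kept on the system it describes can be regenerated by the same attacker who changed the files.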

Identify Access to a LINUX Firewall Through SYSLOG Service
Students will identify access to a pfSense firewall through the forwarding of syslog (system log) messages from the firewall to the syslog service set up on the network. Students will then identify malicious activity through the system logs.

Identify and Remove Trojan Using Various Tools
Students will detect malicious files and processes using various tools.  Students will then remove the malicious files and/or processes.

Identify Rootkit and DLL Injection Activity
Students will use OllyDbg to debug a suspect program and determine whether any of the observed behavior is malicious.  They will also use Process Hacker to confirm whether a possible DLL injection was successful.  This lab fosters an understanding of debuggers, shows one possible way malicious software hooks into legitimate programs and provides an “under the hood” perspective on how programs work in the Windows environment.

Identify Suspicious Information in VM Snapshots
Students will identify known IOCs for Stuxnet and save them for analysis.  Students will then identify malicious drivers associated with the malware, and identify AES keys in memory.

Identify Whether High-Risk Systems Were Affected – Scored
The highest-risk systems are the ones with Internet-facing applications. Once an attacker from the Internet is able to compromise the internal network, it is very likely they will attempt to move to other machines on the network. The machines in the Demilitarized Zone (DMZ) are at high risk because they are usually not as well protected as the computers that are part of the internal network.

Identifying Anomalous ARP
This lab exercise is designed to allow the trainee to become familiar with identifying anomalous ARP traffic.

Identifying Intrusion and Mitigating Attacks with RHEL Server
This last lab is similar to the Windows Incident Response lab, but different in that this one requires you to run through the IR process in a Linux, more specifically a Red-Hat, environment. The same IR methodologies and procedures apply in both environments; these include identifying any security-issues and their scope, containing the issues as best as possible, removing any present threats if found, recovery, and report-generation. Making sure you account for all of these is the key to sound IR work.

Identifying Malicious Network Connections
When investigating a cybersecurity incident it’s important to take memory snapshots of affected systems for further analysis.  Students will conduct analysis and look for malicious network connections, processes, and other artifacts.

Identifying System Vulnerabilities with OpenVAS
Students will scan a network with OpenVAS (Open Vulnerability Assessment Scanner) to discover and identify systems on the network that have vulnerabilities.

IDS Setup – Scored
Network- and host-based Intrusion Detection Systems (IDS) analyze traffic and provide log and alert data for detected events and activity. Security Onion provides multiple IDS options, including host IDS and network IDS. In this lab you will set up Security Onion to function as a network-based IDS and Snorby, the web GUI for Snort alerts.

Implement Single System Changes in Firewall
In this lab, you will make changes to the pfSense firewall in order to block specific ports and types of traffic.

Image Forensics Capstone
Students will create a live image using FTK Imager and verify that the image was created successfully.

Implementing Least-Privilege on Windows
Least-privilege is an important concept across many domains (e.g., Windows server/workstation management, networking, Linux management, etc.) and requires great discipline to implement properly. This lab walks students through implementing least privilege in both an Active Directory setup and a normal Windows-based workstation.

Installing Patches and Testing Software
Students will identify if a vulnerability is present in the systems and remediate the vulnerability if necessary.

Leveraging Internal Intelligence Resources
Students will leverage Zenmap and Microsoft Baseline Security Analyzer (MBSA) in order to perform an internal scan of networked resources.  They will, in turn, use the intelligence they gather about these scanned systems to evaluate the security posture of the devices on the network.

Linux Users and Groups
In this lab students will use command line tools to create, modify, and manage users and groups within the Linux operating environment.

Live Imaging with FTK Imager Lite
Students will use FTK Imager Lite to create a forensic image of a Windows 8 workstation.  After they create the image they will perform a hash check to ensure that the image that was created is the same as what is currently running on the live system.

Log Correlation
Students will use Splunk to ingest server logs and a physical access log to determine if a physical security event has occurred, and if so, who may be behind it.

Log Correlation & Analysis to Identify Potential IOC
When defending networked digital systems, attention must be paid to the logging mechanisms set in place to detect suspicious behavior.  In this lab, students will work with Splunk to help correlate server logs, system logs, and application logs in order to determine if an attacker was successful, and if so what happened and how they got in.

Log Correlation and Analysis
Students will correlate server logs, system logs, and application logs to determine what level of access was obtained to the system and what program was used to provide access.

Log Event Reports
Students will use system logs to create a report.

Man In the Middle Crypto Attack
Students will be placed in the middle of an encrypted chat session. They will be able to analyze the protocol, find the flaws, formulate an attack, and execute the attack.

Manual Vulnerability Assessments
Students will learn how to conduct manual scanning against systems using command line tools such as Netcat.  They will then log in to a discovered system, enable object access auditing and verify that auditing of the object is enabled.

Manually Analyze Malicious PDF Documents
Several company employees have received unsolicited emails with suspicious pdf attachments.  The CIO has asked you to look at the attachments and see if they are malicious.

Manually Analyze Malicious PDF Documents 2
Several company employees have received unsolicited emails with suspicious pdf attachments.  The CIO has asked you to look at the attachments and see if they are malicious.

Memory Extraction and Analysis
This is one of the labs for the Advanced Digital Media Forensics class.

Microsoft Baseline Security Analyzer
In this lab you will use Microsoft Baseline Security Analyzer (MBSA) to perform scans of individual host computers and of groups of computers.  You will also learn how to perform the most common scans using command line tools. Once completed, you will have learned how to use MBSA to perform a comprehensive security analysis of your network environment.

Monitoring and Verifying Management Systems
Students will analyze an MBSA baseline report and compare it to current system configurations.  Students will then make the necessary system changes to machines and validate the baseline using MBSA.  Students will finally compare hash values to determine whether any changes have been made to a system.

Monitoring Network Traffic – Scored
In this lab we will replicate potentially malicious scans from the Internet against a corporate asset.  Scans from the Internet are very common. An analyst should know how to identify this activity by artifacts that are present in the IDS as well as entries in the web logs.

Monitoring Network Traffic for Potential IOA/IOC
In this lab we will replicate potentially malicious scans from the Internet against a corporate asset.  Scans from the Internet are very common. An analyst should know how to identify this activity by artifacts that are present in the IDS as well as entries in the web logs.

Network Discovery – Scored
The Network Discovery lab is designed to help students facilitate open source collection by teaching them how to use more intimate network discovery techniques.

Network Miner
This lab exercise is designed to allow the trainee to become familiar with using Network Miner.

Network Segmentation (FW/DMZ/WAN/LAN)
In this lab we will take the concept of zones, create three of them and route traffic accordingly: ZONE-LAN, the trusted internal local area network; ZONE-DMZ, the demilitarized zone; and ZONE-WAN, the wide area network. We will set up a pfSense firewall to allow traffic from the LAN to the WAN, and to allow traffic from the WAN to the DMZ and from the DMZ to the WAN. Internal traffic WILL NOT BE ALLOWED to enter the DMZ unless it arrives through the WAN interface, so an attacker who compromises a DMZ asset cannot use it to reach the internal LAN segment. We will also show trainees how a contractor would typically VPN into a retail network and how to restrict that access appropriately.

Network Topology Generation
Students will utilize Zenmap to generate a visual network topology.

Open Source Collection
The Open Source Collection lab is designed to familiarize students with the advanced functionality of Google, default web pages used by web servers, and the specifics of the Google Hacking Database.  This allows the students to understand how open source information can be used for exploitation purposes.

Open Source Password Cracking
Students will use John the Ripper and Cain and Abel to crack password-protected files.

Parse Files Out of Network Traffic
This lab teaches students how to extract various files from network traffic using Network Miner and Wireshark.

Participate in Attack Analysis Using Trusted Tool Set
Students will participate in attack analysis/incident response, including root cause determination, to identify vulnerabilities exploited, vector/source and methods used (e.g., malware, denial of service).  Students will then investigate and correlate system logs to identify missing patches, level of access obtained, unauthorized processes or programs.

Patch Installation and Validation Testing
Students will identify if a vulnerability is present on two Windows systems and then move to remediate the vulnerability, if necessary.

Pentesting & Network Exploitation – Linux Target Analysis Labs (4) – Scored
Pentesting & Network Exploitation exposes students to all manner of reconnaissance, scanning, enumeration, exploitation and pillaging for 802.3 networks. The Lab topics expose students to a variety of recon, discovery, scanning, enumeration, exploitation, post-exploitation, pillaging, covering your tracks and persistence.

Pentesting & Network Exploitation: DMZ Exploitation – Scored
Art of Exploitation: Pentesting & Network Exploitation exposes students to all manner of reconnaissance, scanning, enumeration, exploitation and pillaging for 802.3 networks. The Lab topics expose students to a variety of recon, discovery, scanning, enumeration, exploitation, post-exploitation, pillaging, covering your tracks and persistence.

Pentesting & Network Exploitation: LAN Exploitation – Scored
Art of Exploitation: Pentesting & Network Exploitation exposes students to all manner of reconnaissance, scanning, enumeration, exploitation and pillaging for 802.3 networks. The Lab topics expose students to a variety of recon, discovery, scanning, enumeration, exploitation, post-exploitation, pillaging, covering your tracks and persistence.

Pentesting & Network Exploitation: Windows Target Analysis Labs – Scored
Art of Exploitation: Pentesting & Network Exploitation exposes students to all manner of reconnaissance, scanning, enumeration, exploitation and pillaging for 802.3 networks. The Lab topics expose students to a variety of recon, discovery, scanning, enumeration, exploitation, post-exploitation, pillaging, covering your tracks and persistence.

Performing an Initial Attack Analysis
Students will perform incident response on a compromised machine.

Performing Incident Response in a Windows Environment
This next lab walks students through identifying a security incident, as well as handling and then responding to the incident.

Phishing
Students will send a phishing email using the Social Engineering Toolkit.  Students will then impersonate a user clicking on the attachment to observe how dangerous they can be and generate a phishing awareness email to educate users of the dangers of clicking unknown links.

Post Incident Service Restoration
In this lab, as part of the recovery process, the student will restore services to a host in a post-incident environment.  Startup services, and firewall settings, will both need to be addressed.

Preliminary Scanning
Students will utilize Nmap, a network discovery and mapping tool, to identify the systems on a network of responsibility.  Using the tool, students will identify other devices on the laboratory network, to include computers and network infrastructure devices, such as routers.

Protect Against Beaconing
Students will take a PCAP indicating the presence of a beacon on the network and analyze it.  The analysis will determine whether there is activity that can be mitigated, and students will then implement a firewall block with logging to prevent future beaconing.
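
What makes a beacon stand out in a capture is timing: a compromised host calls the same destination at a near-constant interval, while a user's traffic to a site is bursty. The script below is an added example, not lab material or Cybrary code. It groups constructed connection records by source, destination and port, measures the regularity of the gaps between connections (standard deviation divided by mean, so a little jitter still scores low), and renders a logged pf block rule for each flagged flow; the addresses are documentation ranges, the records are invented, and the threshold values are choices made here rather than anything the lab specifies.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed connection records: (epoch seconds, source IP, destination IP, dest port),
# the kind of summary Wireshark's Conversations view or a Zeek conn log would give you.
SAMPLE_CONNECTIONS = [
    # 10.0.0.5 calling 203.0.113.10:443 about every 60 s with a few seconds of jitter
    (1000, "10.0.0.5", "203.0.113.10", 443),
    (1061, "10.0.0.5", "203.0.113.10", 443),
    (1119, "10.0.0.5", "203.0.113.10", 443),
    (1180, "10.0.0.5", "203.0.113.10", 443),
    (1242, "10.0.0.5", "203.0.113.10", 443),
    (1299, "10.0.0.5", "203.0.113.10", 443),
    (1361, "10.0.0.5", "203.0.113.10", 443),
    (1420, "10.0.0.5", "203.0.113.10", 443),
    # The same host browsing a web server: bursty, irregular timing
    (1000, "10.0.0.5", "198.51.100.7", 80),
    (1003, "10.0.0.5", "198.51.100.7", 80),
    (1250, "10.0.0.5", "198.51.100.7", 80),
    (1260, "10.0.0.5", "198.51.100.7", 80),
    (1900, "10.0.0.5", "198.51.100.7", 80),
    (2500, "10.0.0.5", "198.51.100.7", 80),
    # A second host with too few connections to judge either way
    (1000, "10.0.0.9", "203.0.113.10", 443),
    (1060, "10.0.0.9", "203.0.113.10", 443),
]


def find_beacons(records, min_connections=5, max_cv=0.15):
    """Flag (src, dst, dport) flows whose inter-connection gaps are regular.

    cv is the coefficient of variation of the gaps (stddev / mean). A beacon with
    jitter keeps cv small; human-driven traffic scores far above max_cv. Flows with
    fewer than min_connections samples are ignored because two or three connections
    cannot establish a rhythm.
    """
    flows = defaultdict(list)
    for ts, src, dst, dport in records:
        flows[(src, dst, dport)].append(ts)

    findings = []
    for (src, dst, dport), times in flows.items():
        if len(times) < min_connections:
            continue
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        avg = mean(gaps)
        if avg == 0:
            continue  # all connections in the same second: a burst, not a beacon
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            findings.append({"src": src, "dst": dst, "dport": dport,
                             "count": len(times), "interval": avg, "cv": round(cv, 3)})
    return findings


def block_rule(finding):
    """Render a finding as a logged pf block rule (pf is the filter under pfSense).

    Illustrative only: on pfSense you would add the equivalent rule through the
    GUI so it survives reloads, rather than loading raw pf syntax.
    """
    return (f"block out log quick proto tcp from {finding['src']} "
            f"to {finding['dst']} port {finding['dport']}")


if __name__ == "__main__":
    for finding in find_beacons(SAMPLE_CONNECTIONS):
        print(finding)
        print(block_rule(finding))
```

Keep the `log` keyword on the block: the point of blocking with logging is that every later attempt to beacon is recorded, which both confirms the host is still infected and tells you when it was cleaned. Malware that randomizes its sleep widely (jitter of 50 percent or more) will defeat a plain cv threshold, so treat a low-cv flow as a lead to be confirmed against the payload, not as proof.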

Recover from SQL Injection Attack
After identifying a SQL injection attack, students will learn about parameterized queries in the back-end web application code, the fix that prevents future SQLi attacks against that query.
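
The fix this lab teaches is worth seeing side by side with the bug. The script below is an added example, not lab material or Cybrary code: it runs a login query against an in-memory SQLite database (the `users` rows and the probe inputs are constructed here) first by concatenating user input into the SQL string, then with placeholders so the driver sends the values separately. The same three inputs are fed to both versions; the second never lets them change the query's structure.

```python
import sqlite3


def make_db():
    """Build an in-memory database with two constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    # Plaintext passwords only to keep the demo short; a real application stores
    # salted hashes, and that is a separate fix from the injection one shown here.
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("alice", "s3cret", "user"), ("bob", "hunter2", "admin")])
    return conn


def login_vulnerable(conn, username, password):
    """The bug: user input is spliced into the SQL text, so quotes, comments and
    OR clauses in the input become part of the query's syntax."""
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return [row[0] for row in conn.execute(query)]


def login_parameterized(conn, username, password):
    """The fix: the SQL text is fixed at development time and the values travel
    as parameters. Whatever the input contains, it is compared as data."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (username, password))]


# Constructed probes: a valid login, a comment-terminated bypass, a tautology.
PROBES = [
    ("alice", "s3cret"),
    ("bob'--", "wrong"),          # becomes ... username = 'bob'--' AND ... (rest commented out)
    ("x", "' OR '1'='1"),         # becomes ... password = '' OR '1'='1'  (true for every row)
]


def demo():
    """Return {probe: (vulnerable result, parameterized result)} for each probe."""
    conn = make_db()
    return {probe: (login_vulnerable(conn, *probe), login_parameterized(conn, *probe))
            for probe in PROBES}


if __name__ == "__main__":
    for probe, (vuln, safe) in demo().items():
        print(f"{probe!r:30} vulnerable={vuln} parameterized={safe}")
```

The comparison to make when reviewing a fix is simple: if the query string is ever built with `+`, `%` or an f-string from anything a user supplied, it is still vulnerable regardless of how well the input is "escaped"; the placeholder form is the only version in which the attacker's text cannot reach the parser.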

Recover from Web-Based Flashpack Incident
Students will recover a Windows 7 client infected by an unknown payload loaded after exposure to the FlashPack Exploit Kit.  The recovery will encompass network traffic analysis to determine infection vector and payload delivery mechanisms as well as system-specific recovery procedures to restore the system to its original functionality.

Respond to Cyber Espionage against Overseas Corporate Assets in Taiwan
Students will be introduced to a real-world international cyber espionage campaign that has been used to target corporate assets in Taiwan.  Students will analyze a packet capture in order to determine the nature of the data being sent between a victim machine and a remote server.  Using this information they will have the data needed to add valuable content to a cyber incident report.

RootKit
This lab is designed to introduce the student to a Windows rootkit and to some tools and techniques used in discovery and removal of the rootkit.  This experience should provide them with a basic understanding of rootkits and the challenges they pose during the removal process.

Scanning and Mapping Networks
Students will use Zenmap to scan a network segment in order to create an updated network map and detail findings on the systems discovered.  They will use the material they generated to help them discover if there have been any changes to the network after they compare it to a previously generated network map/scan.

Scanning From Windows
Students will leverage ScanLine, a Windows network discovery and mapping tool, to identify the systems on a network of responsibility.  Students will utilize non-traditional scans to attempt to avoid an Intrusion Detection System (IDS).

Securing Linux for System Administrators
Linux environments are ubiquitous in many different sectors, and securing these environments is as important as securing Windows environments. This lab walks you through implementing least-privilege and strong security practices in a Linux environment. Specifically, you will walk through ways to secure your Linux box, look at and fix common areas of privilege issues/abuses, and get introduced to SELinux and how it helps when implementing least-privilege.

Setting Up Zones in a Firewall – Scored
Students will configure a pfSense Firewall to create/isolate various network segments.

Sinkholing C2 Traffic
A known C2 domain is being contacted from your network. You will create a DNS record that sinkholes all requests for this domain. This lets your analysts identify which machines in your environment are infected, and protects the network by redirecting any system that attempts to contact the domain to the sinkhole instead of the attacker's server.

Snorby Setup and Operation
This lab exercise walks trainees through performing an initial setup of Security Onion and configuring and installing Snort and Snorby.

SNORT Configuration and Operation Lab
This lab will provide the student with experience in manually installing Snort and its support software, as well as with configuring Snort to behave as a Network Intrusion Detection System.  Students will create a custom user account and group to run Snort and create/test a custom rule.

Snort Signatures, IDS Tuning, and Blocking
Often the security analyst will need to update the existing IDS/IPS (Intrusion Detection/Prevention System) to handle new threats. This lab simulates creating reject and drop rules for a specific traffic type and alerting the Snorby SIEM when they fire.

Specialized Linux Port Scans
Students will leverage Hping3 to assess ports of various devices on the assigned network.  Students will utilize non-traditional scans to attempt avoiding an Intrusion Detection System (IDS).

System Hardening – Scored
A number of technologies exist that work together to protect systems and networks. The real value of your networks and systems rests in the data that networks carry and reside in systems. In this lab you will focus on some ways you can safeguard the data that resides on systems and when data is sent across the network. Securing an operating system, also known as hardening, strives to reduce vulnerabilities in order to protect a system against threats and attacks.

TCPDump
This lab exercise is designed to allow the trainee to become familiar with the basic command arguments and usage of TCPDump.

Threat Designation
Students will conduct scans against a web server, a file share, a printer and a user’s host device.  The student will identify specific threats posed to the system.  Students will then scan a network and identify potential points of ingress (open ports, etc) that could cause compromise to the system.

Tweaking Firewall Rules for Detection
Students will use the organization's firewall to monitor, detect and audit traffic on the network. Students will then configure the firewall to forward logs of traffic of interest to a syslog server.

Use pfTop to Analyze Network Traffic – Scored
Students will use pfTop, a network traffic monitoring/statistics package for pfSense, to analyze and monitor network traffic. They will walk through the steps of a detailed investigation to determine what type of traffic is occurring across the exercise network. Finally, using visualization tools they will further analyze network traffic statistics and learn how visuals can quickly aid the incident response process.

Using PowerShell to Analyze a System
Students will use PowerShell to enumerate running processes, users and scheduled tasks on local and remote systems in the user environment.

Using Snort and Wireshark to Analyze Traffic – Scored
This lab simulates the analyst's need to examine network traffic and detect suspicious activity. Tools like Wireshark and Snort can be used to capture, read and analyze that traffic.

Vulnerability Analysis/Protection
Students will use OpenVAS to do a vulnerability analysis.  Students will then identify applicable vulnerabilities and protect their system(s) against them.

Vulnerability Identification and Remediation
Learners will use Nmap and the OpenVAS/Greenbone Vulnerability Scanner to confirm previously identified vulnerable systems and to discover new ones. They will perform a risk analysis of the findings and determine the steps to be taken to mitigate the issues discovered. Finally, using a previously completed audit report as an example, they will fill out the necessary audit documentation detailing their findings and any suggested mitigations.

Vulnerability Scan Analysis
Students will run a Core Impact or Nessus Scan and identify vulnerabilities.  Students will then view the report and prioritize vulnerabilities according to risk.

Vulnerability Scanner Set-up and Configuration
Students will setup and configure Core Impact in preparation of a vulnerability scan against an internal network.

Vulnerability Scanner Set-up and Configuration, Pt. 2
Students will utilize OpenVAS to identify hosts on a network and assess their vulnerabilities.

WebApp Attack PCAP Analysis
In this lab you will analyze a capture file of a web application attack in order to identify the attack vector and deduce the vulnerability the attack exploited.

Whitelisting & Suspicious File Verification
Students will become familiar with procedures used to validate suspicious files. During the course of the lab the student will generate a system-level baseline using a command-line file hash tool, then check new or unknown files against whitelists of known-good hashes and online lookup services.
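As an added example (not code from the Cybrary lab), the script below implements that workflow with sha256sum: it records a baseline of every file under a directory, later lists files that were not in the baseline, and classifies each new file as known-good when its hash appears in a local whitelist or as unknown (a candidate for online lookup) when it does not. The directory layout, file contents and whitelist are constructed for the demonstration; a real whitelist would come from a vendor manifest or a reference hash set.

```shell
#!/usr/bin/env bash
# Added example, not Cybrary lab code. Uses sha256sum from GNU coreutils; the
# whitelist is a constructed stand-in for a vendor or reference hash set.
# Paths containing whitespace are not handled by the awk field splitting below.
set -eu

# Record a baseline: one "hash  ./path" line per regular file under $1, sorted
# by path so later comparisons are stable.
make_baseline() {
    local root="$1" out="$2"
    ( cd "$root" && find . -type f -print0 | sort -z | xargs -0 sha256sum ) > "$out"
}

# Files present now that have no entry in the baseline (new or renamed).
new_files() {
    local root="$1" baseline="$2" a b
    a=$(mktemp); b=$(mktemp)
    awk '{print $2}' "$baseline" | sort > "$a"
    ( cd "$root" && find . -type f | sort ) > "$b"
    comm -13 "$a" "$b"
    rm -f "$a" "$b"
}

# Hash each new file and look it up in the whitelist (one "hash  label" per line).
# Unknown files are printed with their hash so the hash can be submitted to an
# online service without uploading the file itself.
classify_new() {
    local root="$1" baseline="$2" whitelist="$3" f h
    new_files "$root" "$baseline" | while IFS= read -r f; do
        h=$( cd "$root" && sha256sum "$f" | awk '{print $1}' )
        if grep -qF "$h" "$whitelist"; then
            printf 'KNOWN-GOOD %s\n' "$f"
        else
            printf 'UNKNOWN %s %s\n' "$h" "$f"
        fi
    done
}

# Build a constructed system image: baseline it, then drop in one vendor
# update (whitelisted) and one unknown binary, and classify both.
demo() {
    local d b w
    d=$(mktemp -d); b=$(mktemp); w=$(mktemp)
    mkdir "$d/bin"
    printf 'hello\n' > "$d/a.txt"
    printf 'tool\n'  > "$d/bin/tool"
    make_baseline "$d" "$b"
    printf 'vendor\n'  > "$d/bin/update"
    printf 'dropper\n' > "$d/x.exe"
    sha256sum "$d/bin/update" | awk '{print $1 "  vendor-update-1.0"}' > "$w"
    classify_new "$d" "$b" "$w"
    rm -rf "$d" "$b" "$w"
}
demo
```

Store the baseline somewhere the host cannot modify (an analyst workstation or a read-only share); a baseline that lives on the suspect system can be edited by the same malware you are hunting. Modified files are found separately with sha256sum -c against the baseline; new_files only reports paths the baseline has never seen.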

Windows Event Log Manipulation via Windows Event Viewer
In this lab you will use Windows Event Viewer to view and filter the security event log on a Windows 7 client computer specifically for account logons.

Wireshark
This lab exercise is designed to familiarize the trainee with the use of Wireshark.




Also included in Cybrary for Business and Cybrary Insider Pro plans:

A premium daily live online offering in which members learn online and prepare for certifications LIVE with the industry's top instructors and companies.

Secure coding based online virtual lab training for Developers, DevOps, and Systems Administrators.

A browser-based hands-on cybersecurity skills evaluation platform for those who like to learn by doing.

Gain a true reflection of real world IT and cyber security scenarios from the convenience of your browser. From a virtual lab environment, access "real hardware" and learn through step-by-step lab guides to prepare for a certification or develop your skills.

Pass your IT certification exams with confidence using Kaplan IT Training (formerly Transcender). Prepare for IT certification exams from Microsoft, CompTIA, Oracle and more now.

Become a cloud expert with hands-on training in Infrastructure & DevOps, Websites & App Dev, Big Data, Machine Learning, Security, Backup & Recovery.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.
