Lab Sessions

Submitted by matt.willis@up… on Mon, 06/26/2023 - 14:08

In this topic, you will be taught the foundation skills to start your journey to become an ethical hacker. It is important that you complete this lab series prior to undertaking your first Assessment for this course.

Sub Topics

Throughout this lab, we will dig deeper into cybercrimes, specifically WannaCry. Using interactive charts and free-to-use programs we will visualize all of the data collected from WannaCry around the world. We will then take a look at how we can keep tabs on security incidents happening around the world right now.

Milestones: 1
Estimated Time to Complete: 45 mins
Dependencies: N/A
Objectives: Monitor Global Attacks in real time with X-Force Exchange
Tools Required: X-Force Exchange (accessed via internet browser)

Tools Required

Only one tool is required to complete Lab 1.

X-Force Exchange

IBM X-Force Exchange is a threat intelligence sharing platform enabling research on security threats, aggregation of intelligence, and collaboration with peers. X-Force Exchange can be crucial for cybersecurity and cyber awareness. With X-Force Exchange, we can monitor the online environment in real time and actively follow known security issues. Security concerns can be investigated to tell us not only where the problem originated, but also who has been affected and what type of systems are under threat. Access X-Force Exchange here

Access the instructions for Lab 1 HERE

To begin this lab, we are going to discover, first-hand, some of the information anyone can pull from your IP address using centralops.net. We will then dive into our personal computers' Command Line Interface (CLI) in order to use further commands revolving around our IP Address and security. Cyber threats are always out there; we will utilize Nmap and Wireshark to showcase ways that criminals scan for weaknesses. We will then end the lab with Network Security Best Practices.

Milestones: 4
Estimated Time to Complete: 60 mins
Dependencies: Students should have completed the topic '10.3 Cybersecurity' Attacks prior to undertaking this lab.
Objectives:
  1. Understand the data behind IP Addresses
  2. Explore your personal Command Line Interface
  3. Learn about basic tools attackers use to infiltrate your network security
  4. Cement industry Best Practices into your mind such as enabling a DNS
Tools Required: Zenmap, Wireshark

Tools Required

There are two tools required to complete Lab 2.

Zenmap

Zenmap is the official cross-platform GUI for the Nmap Security Scanner. It is a multi-platform free and open-source application which aims to make Nmap easy for beginners to use while providing advanced features for experienced Nmap users.

Nmap Webpage
  • Step 2 - Click on the “download” link next to Nmap 7.7
  • Step 3 - Scroll down to the download file for your operating system. Windows users will click on the “Latest stable release self-installer”

Nmap Windows Download

Nmap Mac Download (Mac users will click on the "latest stable release")

  • Step 4 - Follow the directions of the installer, and once finished, open Zenmap

Zenmap
  • Inside the target box input either a domain or IP Address (we will be using altoromutual.com) and hit scan
  • Watch as Zenmap starts its scan and goes through multiple CLI commands such as Ping and Traceroute
  • The report may have been generated too fast to follow, but scroll up and check whether Zenmap found any open ports

Wireshark 

Wireshark is a free and open-source packet analyser; often referred to as a “sniffer”. It is used for network troubleshooting analysis, software and communications protocol development, and education. Wireshark is used to examine the details of traffic as data is sent from one connection to the other.

  • Navigate to wireshark.org
  • Scroll down the page to find 'Stable Release'
  • Download the appropriate version based on your operating system
  • Run the file and click through the installation process

Access the instructions for Lab 2 HERE

In this lab, we are going to put ourselves into the shoes of the attacker and footprint a network. We will then implant ourselves as new users in the system to begin taking control. In the latter half of the lab, we will cover some defences and industry best practices that can keep us safe.

Milestones: 6
Estimated Time to Complete: 120 mins
Dependencies: Students should have completed the topic '10.3 Cybersecurity' Attacks prior to undertaking this lab.
Objectives:
  1. Unsecured DVR and DDOS Attacks
  2. Footprinting
  3. Misconfiguration / Bruteforce
  4. Take Control
  5. Network Protection Practices
  6. X-Force Exchange
Tools Required: Zenmap, Wireshark, PuTTY

Tools Required

There are three tools required to complete Lab 3; you should have already accessed two of the three.

PuTTY

Windows does not have a built-in Secure Shell, so we will need to download a third-party program. For this lab, we recommend PuTTY; however, if you do not have access to a separate device, you can complete Milestone 5 'Network Protection Practices' utilising the IBM Virtual Machine in the IBM KeySkills platform.

  1. Navigate to the PuTTY download link found here
  2. Scroll down the page to find the correct download package for your operating system
  3. Download and run the installer
  4. Click through the installer and read through the ReadMe.

Access the instructions for Lab 3 HERE

In this lab, we are going to put ourselves in the role of a penetration tester. We have recently been hired by a banking company, Altoro Mutual, to go through their website and test its application security. To do this we will go through the three main sections: Footprinting, Gaining Access, and Attack the System. As we go through these sections and find corresponding weaknesses, we will add them to a report and categorize them based on OWASP error codes.

Milestones: 3
Estimated Time to Complete: 120 mins
Dependencies: Students should have completed the topic '10.3 Cybersecurity' Attacks prior to undertaking this lab.
Objectives:
  1. Understand the role and responsibilities of a penetration tester
  2. Familiarize yourself with how an attacker can gain access to a system
  3. Conceptualize the repercussions of a successful attack
Tools Required: OWASP Report, Mozilla Firefox, Zenmap, Wireshark

Tools Required

There are two tools required to complete Lab 2.

Before beginning this lab, it is recommended that you take some time to review the OWASP report in order to better understand the vulnerabilities you will be looking for as a Penetration Tester.

Access the OWASP Report HERE.

Access the instructions for Lab 4 HERE.
