Our cybersecurity exercises cover the topics of Network Analysis and Reconnaissance, Malware Detection and Analyzation, Network Traffic Analysis and Defense, Social Engineering, and Web Security. Though our exercises can be done in any order, some can be good building blocks that work towards the more advanced ones. Most of the exercises require a minimal level of understanding of some standard Linux tools. We have provided some basic tutorials for Linux use in our manuals.
For more in-depth information on our scenarios, see the manuals.
Getting Started teaches the basics of using the Linux command line. This scenario starts with basic commands like cd and ls, and moves on to more complex commands such as find, and vim.
File Wrangler teaches the basics of file manipulation through the linux command line. This scenario starts with basic commands like cd and ls, and moves on to more complex file manipulation commands such as mv and chmod.
Ssh Inception teaches the basics of ssh, a secure program for logging into a remote machine, as well as helps familiarize students with the basics of the linux system. This scenario introduces some helpful tools, includin grep, ifconfig, nmap and ftp, to help uncover clues as you navigate through a series of network checkpoints. This is a great place to start for learning the foundations of networking!
Total Recon is a progressive, story-based game designed to teach how network protocols such as TCP, UDP, and ICMP can be used to reveal information about a network. This scenario focuses on reconnaissance to determine hosts in an unknown network. You will explore tradeoffs between speed and stealth when using tools such as nmap.
One of the important skills of cyber security is being able to analyze malware. In this scenario we focus on the dynamic analyses of programs, using the dignostic tool strace. You are presented with the challenge of understanding what a process is doing based on its system calls. Through both whitebox and blackbox testing, you will learn to filter large amounts of data to distinguish between normal and anomalous behavior.
ELF Infection is an exercise to assess your understanding of the structure of an executable file. The goal is to teach you, having identified that a program is doing something malicious, where that code has been injected and how it works. This is a reverse engineering problem and can use a range of tools, including readelf, objdump, gdb, strace and netstat.
Treasure Hunt is an exercise that teaches about permissions and other security loopholes in Linux. The goal of this scenario is to uncover the "secret" of 16 imaginary users. This scenario covers a broad array of topics, including password cracking and the .htaccess file, though it mainly focuses on the many aspects of the Linux file access permissions. This is classroom favorite and great way for students test both their knowledge and determination!
Metasploitable aims to teach users how to use the Metasploit framework. Metasploit is a very useful framework for various aspect of penetration testing. This scenario will cover the basics of using the framework by allowing users to use the framework to attack simulated virtual computers in a safe environment.