
Naval Postgraduate School Labtainer Exercises

  • Naval Postgraduate School Labtainer Exercises

    The Naval Postgraduate School has available some:
    Fully packaged Linux-based computer science lab exercises with an initial emphasis on cybersecurity
    You can find them here.
    It's more than 40 exercises in 5 GB VM images.

    I haven't done them but I'll definitely take a look. They seem interesting for n00bs like myself, they cover the following topics:
    1. Software Vulnerabilities
      • An example program vulnerable to a stack buffer overflow (including 64-bit version)
      • Explore C library printf function vulnerabilities (including 64-bit version)
      • Exploit a program using a buffer overflow and return-to-libc
      • An introduction to using gdb to debug a simple C program
      • Use metasploit on a Kali Linux system to attack a "metasploitable" host.
      • Risks of the setuid feature, including environment variables
      • Reverse engineer a simple vulnerable service to discover and demonstrate some of its properties
      • Explore over 200 vulnerable services from the DARPA Cyber Grand Challenge
    2. Networking
      • The student uses telnet to access a remote computer, and employs the tcpdump tool to view plaintext passwords, and to observe how use of ssh mitigates that vulnerability
      • The nmap utility is used to locate an ssh server on a network and to discover the port number being used by the service.
      • The nmap utility is utilized in combination with the tshark network traffic analysis utility to demonstrate a security problem with an ssh server
      • Simple routing example with two LANs and an internet connection via NAT
      • The iptables utility is used to configure a “firewall” component to only forward selected application service traffic between a client and a server.
      • TCP/IP protocol vulnerabilities, including SYN flooding, RST attacks and session hijacking
      • Use of ARP spoofing for Man-in-the-middle attacks
      • DNS spoofing and cache poisoning on a local area network
      • Use of snort for network intrusion detection
      • Set up a DMZ for an enterprise
      • Use a Radius authentication service to authenticate network devices
      • Authenticate users of Linux servers using an LDAP service
    3. Network Traffic Analysis
      • The tshark network traffic analysis tool is used to identify and display a specific network packet containing a plaintext password.
      • Introduction to the use of Wireshark to analyze network traffic.
      • Use Wireshark for more advanced analysis of network traffic
      • Develop programs using the PCAP library to analyze an unknown packet capture.
      • Explore the NetFlow network traffic protocol and data record type using the CMU SiLK software suite.
    4. Crypto Labs
      • Exploration of cryptographic hashes and the potential for hash collisions.
      • Introduction to generating cryptographic hashes using the openssl utility.
      • Explore public key certificates from a variety of web sites
      • Use of a public/private key pair to access a server via ssh.
      • Use an SSH agent to manage your private key and avoid retyping your passphrase
      • Use of SSL to authenticate both sides of a connection, includes creating and signing certificates using a CA.
      • Exploration of symmetric key encryption modes.
      • Example use of OpenVPN to protect network traffic.
    5. Web Security Labs
      • Illustrates web tracking techniques and the role of ad servers
      • Cross Site Request Forgery with a vulnerable web site
      • Cross site scripting attacks on a vulnerable web server.
      • SQL injection attacks and countermeasures.
    6. System Security & Operations
      • Access Control Lists (ACLs) on Linux
      • Using tar and dump/restore for file backups, including remote backups
      • Use of Linux capabilities to limit program privileges.
      • System log basic usage and configuration on an Ubuntu system.
      • System log basic usage and configuration on a CentOS system.
      • Data recovery from deleted files within EXT2 and NTFS file systems
      • File integrity checking and intrusion detection with AIDE
      • Introduction to passwords and elementary cracking schemes
      • Use of the denyhost utility to block brute force attacks on SSH
      • Introduction to Linux and shell commands
    7. Industrial Control System Security
      • Program a software-based Programmable Logic Controller (PLC)
      • Forensic analysis of a PLC session from a rogue client, including CIP & EtherNet/IP protocols
      • Simulated example of a vulnerable PLC system
      • Application firewall and whitelisting to protect a PLC
      • Use iptables to limit traffic destined for a PLC through a firewall
      • Intro to the GrassMarlin SCADA/ICS network discovery tool
      • Use the GrassMarlin tool to view traffic you generate interacting with a PLC
    The list of exercises is here
    The VMs can be downloaded from here.

    Anyone tried these exercises already? Feedback?

  • #2
    Looks really cool...seems to cover a lot of the OSCP material, and you can't beat free, right?!
    Brian Johnson
    7 Minute Security
    Podcaster | Security Consultant