Vulnerability Assessment Analyst


Individuals in this role should have a comprehensive understanding of the tools and techniques to detect and exploit security vulnerabilities in web-based applications, networks, and computer systems that use the Windows and Linux OS, as well as recommend mitigation countermeasures.


ACTIVITIES

Lab
Description
Duration
Vulnerability Analysis/Protection
Students will use OpenVAS to do a vulnerability analysis. Students will then identify applicable vulnerabilities and protect their system(s) against them.
1 hour, 30 minutes
Analyze Malicious Network Traffic
Students will take some time to review malicious traffic within a controlled environment. Using Wireshark and some pointers from a previous technical report on the FlashPack Exploit Kit, they will focus their attention on finding (in two traffic captures) evidence of when and how a victim system was infected with the exploit kit.
1 hour, 30 minutes
Manual Vulnerability Assessments
Students will learn how to conduct manual scanning against systems using command-line tools such as Netcat. They will then log in to a discovered system, enable object access auditing, and verify that auditing of the object is enabled.
1 hour
Denial of Service PCAP Analysis
The student will act as both attacker and defender in this scenario. They will gain experience using a custom denial of service Python script, and then switch over to the defensive side. On defense they will need to detect the activity, design firewall rules to block the DoS, implement the rules and then check their effectiveness.
1 hour
Preliminary Scanning
Students will utilize Nmap, a network discovery and mapping tool, to identify the systems on a network of responsibility. Using the tool, students will identify other devices on the laboratory network, to include computers and network infrastructure devices, such as routers.
1 hour
WebApp Attack PCAP Analysis
In this lab you will analyze a capture file of a web application attack in order to identify the attack vector and deduce the vulnerability the attack exploited.
1 hour
Network Segmentation (FW/DMZ/WAN/LAN)
In this lab we will take the concept of zones, create three zones and route traffic accordingly. The zones will be ZONE – LAN, the trusted internal Local Area Network; ZONE – DMZ, the demilitarized zone; and ZONE – WAN, the Wide Area Network. We will set up a firewall (pfSense) to allow internal traffic from the LAN to the WAN. We will allow traffic from the WAN to the DMZ and from the DMZ to the WAN. Internal traffic WILL NOT BE ALLOWED TO ENTER THE DMZ UNLESS IT COMES through the WAN interface. This ensures that an attacker who compromises a DMZ asset will not be able to reach the internal LAN segment. We will also show trainees how a contractor would likely VPN into a retail network and how to appropriately restrict their access.
1 hour
Blue Team – Patch Analyst (Demo Lab)
Students will identify if a vulnerability is present in the systems and remediate the vulnerability if necessary.
1 hour, 7 minutes
Identify Access to a LINUX Firewall Through SYSLOG Service
Students will identify access to a pfSense firewall through the forwarding of SYSLOG (system logs) from the firewall to the SYSLOG service we have configured and set up on the network. Students will then identify malicious activity through the system logs.
1 hour
Intro to Linux – Routing and SSH Tunnels
Routing is an important networking concept. Routing is typically done by dedicated routers, but can also be done by host systems, such as pfSense or even a regular Linux machine. In a production network, you would likely not use a Linux machine to perform routing, but by experimenting with routing on Linux, you can gain a deeper understanding of how it works and how to configure it.
2 hours
LNX101 – OpenSSH Installation, Configuration, and Hardening
In this lab, you will learn how to install, configure, harden and test an OpenSSH server.
1 hour
LNX101 – Setting Up a Firewall With UFW and Firewalld
In this lab, you will learn how to use two common firewall management tools called UFW or Uncomplicated Firewall and Firewalld.
3 hours
LNX101 – Telnet vs. SSH
In this lab, you will learn how to use telnet, an insecure protocol that sends its data over the network in an unencrypted form.
1 hour
PAM Lab
This lab exercise is designed to allow trainees to remotely access a virtual machine using SSH to create a user account and assign the user account permissions on the virtual machine.
1 hour
Applying Filters to TCPDump and Wireshark
This lab exercise is designed to allow the trainee to become familiar with applying a capture filter to TCPDump and Wireshark using Berkeley Packet Filter (BPF) syntax.
1 hour
Rogue Device Identification and Blocking
Students will scan a network and identify rogue devices. Students will then customize the firewall rules to ensure that any rogue devices are blocked from communicating with other systems on the network.
1 hour
Scanning From Windows
Students will leverage Scanline, a Windows network discovery and mapping tool, to identify the systems on a network of responsibility. Students will utilize non-traditional scans to attempt to avoid an Intrusion Detection System (IDS).
1 hour
Scanning with Nmap
In this lab, you will perform several scans and, using Wireshark, view the scan traffic to see what the tool is actually doing under the hood.
1 hour
Securing Linux – Firewalls
Firewalls are an important part of limiting network traffic. Properly implemented firewalls can greatly limit the amount of damage an attacker can do by enforcing access control on the network interface. They can also be incredibly useful for regulating the amount of traffic or allowing certain network translations to occur that provide extra functionality.
1 hour
Using Snort and Wireshark to Analyze Traffic
In this lab we will replicate the need for Analysts to be able to analyze network traffic and detect suspicious activity. Tools like Wireshark and Snort can be utilized to read, capture, and analyze traffic.
1 hour
Cryptography: Using GPG for Encryption and Key Management – Scored
Training on how to use GPG with a GPG challenge at the end.
1 hour
Firewall Setup and Configuration – Scored
In this lab you will perform the steps necessary to set up a pfSense firewall from the basic command line interface and then configure the firewall using the web configuration GUI on a Windows machine. This lab will provide an understanding of how network interfaces are configured to allow network connectivity. You will also view and create a firewall rule, which reinforces your understanding of how network traffic can be managed at different levels (IP-based, protocol-based, machine-based, etc.).
1 hour
Auditing Service Accounts
Students will audit service accounts in a Windows Server environment. They will note the services that are running with the help of the server Administrator account and make the necessary corrections to them. The corrections will minimize the chance that a successful attack against one of those services can be turned into privilege escalation by leveraging the associated service account.
40 minutes
Auditing Service Accounts and Setting Up Automated Log Collection
Students will explore information-gathering techniques, audit service accounts in a Windows Environment, collect Windows logs, and automate log transfer with Syslog.
1 hour, 30 minutes
Conduct Supplemental Monitoring
In this lab you implement supplemental monitoring solutions on a network using various Microsoft security tools and built-ins.
30 minutes
Host Identification Scanning with Linux
Students will utilize Nmap, a network discovery and mapping tool to identify the systems on a network of responsibility. Using the tool, students will identify other devices on the laboratory network, to include computers and network infrastructure devices, such as routers.
1 hour
Host Identification Scanning via Windows
Students will leverage Scanline, a Windows network discovery and mapping tool, to identify the systems on a network of responsibility. Students will utilize non-traditional scans to attempt to avoid an Intrusion Detection System (IDS).
25 minutes
Manually Analyze Malicious PDF Documents
Several company employees have received unsolicited emails with suspicious pdf attachments. The CIO has asked you to look at the attachments and see if they are malicious.
1 hour
Manually Analyze Malicious PDF Documents 2
Several company employees have received unsolicited emails with suspicious pdf attachments. The CIO has asked you to look at the attachments and see if they are malicious.
1 hour, 30 minutes
Tweaking Firewall Rules for Detection
Students will use the organizational firewall for monitoring, detecting and auditing traffic on the network. Students will then configure logging of traffic of interest and forward those logs to a syslog server.
1 hour
Network Discovery – Scored
The Network Discovery lab is designed to help students facilitate open source collection by teaching them how to use more intimate network discovery techniques.
1 hour, 30 minutes
Cryptography: Steganography – Scored
In this lab, students will learn how information can be hidden in cover files, how to recognize and search for hidden information, and how to steganalyze a file to identify that a message was hidden inside it.
1 hour
Parse Files Out of Network Traffic
This lab teaches students how to extract various files from network traffic using NetworkMiner and Wireshark.
1 hour
Snort Signatures, IDS Tuning, and Blocking
Often the security analyst will need to update the existing IDS/IPS (Intrusion Detection/Prevention System) to handle new threats. This lab will simulate creating reject and drop rules for a specific traffic type and alerting the Snorby SIEM when they are hit.
1 hour, 9 minutes
Use pfTop to Analyze Network Traffic – Scored
Students will use pfTop, a network traffic monitoring/statistics plugin used in pfSense, to analyze and monitor network traffic. They will walk through the steps of performing a detailed investigation to determine what type of traffic is occurring across the exercise network. Finally, with the use of visualization tools they will be able to further analyze network traffic statistics and learn how visuals can quickly aid in the incident response process.
1 hour
Wireshark
This lab exercise is designed to allow the trainee to become familiar with the use of Wireshark.
1 hour
Threat Designation
Students will conduct scans against a web server, a file share, a printer and a user’s host device. The student will identify specific threats posed to each system. Students will then scan a network and identify potential points of ingress (open ports, etc.) that could lead to compromise of the system.
1 hour
Analyze SQL Injection Attack
Students will identify the use of an SQL injection through the use of Wireshark. The students will also isolate the different parts of the SQL injection and execute the selected code.
1 hour
System Hardening – Scored
A number of technologies exist that work together to protect systems and networks. The real value of your networks and systems rests in the data that networks carry and that resides on systems. In this lab you will focus on some ways you can safeguard the data that resides on systems and the data that is sent across the network. Securing an operating system, also known as hardening, strives to reduce vulnerabilities in order to protect a system against threats and attacks.
1 hour
Network Topology Generation
Students will utilize Zenmap to generate a visual network topology.
1 hour
Gap Analysis of Firewall Rules
Students will log into an organization’s firewall, document the existing firewall rules, analyze these rules and make recommendations based on this analysis. Students will then make the necessary changes.
1 hour, 30 minutes
Creating Recommendations Based on Vulnerability Assessments – Scored
Students will use OpenVAS to do a vulnerability analysis and fill out a recommendation form for the vulnerabilities found in the network.
1 hour
Setting up Filters and Queries in Kibana
Students will focus on using filters and queries in Kibana to find indicators of compromise within the network.
1 hour
Participate in Attack Analysis Using Trusted Tool Set
Students will participate in attack analysis/incident response, including root cause determination, to identify vulnerabilities exploited, vector/source and methods used (e.g., malware, denial of service). Students will then investigate and correlate system logs to identify missing patches, level of access obtained, unauthorized processes or programs.
38 minutes
Protect Against Beaconing
Students will take a PCAP indicating the presence of a beacon on the network and analyze it. The analysis will determine whether there is activity that can be mitigated; students will then implement a firewall block with logging to prevent future beaconing.
1 hour
Baseline Systems in Accordance with Policy Documentation
Students are provided a whitelist of applications allowed for installation on a system. Students will compare the list against multiple hosts and remove the installed applications which are not on the list.
1 hour
Conduct Root Cause Analysis for System Crashes
Students will use a specially loaded system to conduct analysis on a captured memory dump from a machine suffering from repeated system crashes. Using a memory analysis tool, the students will walk through the process of discovering what is running on the affected system and why these odd behaviors are causing the crashes. This lab will foster tool familiarization and will provide the students with another layer of detail on how the Windows kernel interacts with memory, as well as the various processes involved.
45 minutes
Control Assessment and Evaluation
Students are provided a list of controls and a system. They are to ensure that the controls that are provided in the documentation are present on the system.
1 hour
Patches and Updates
During a penetration test, it is discovered that the systems on your network have not been updated to the latest service pack level for the Operating System. To make your system less vulnerable to attack, you will install the latest service pack for the OS.
30 minutes
Patching With WSUS
Students will have access to a Windows 2012 Server running the Windows Server Update Service (WSUS), and use it to select and approve patches needed for a Windows 7 client. They will select the required patches based on reports provided by previous scanning activity performed with the use of Microsoft Baseline Security Analyzer (MBSA) and the Open Vulnerability Assessment System (OpenVAS).
1 hour, 30 minutes
Securing Linux for System Administrators
Linux environments are ubiquitous in many different sectors, and securing these environments is as important as securing Windows environments. This lab walks you through implementing least-privilege and strong security practices in a Linux environment. Specifically, you will walk through ways to secure your Linux box, look at and fix common areas of privilege issues/abuses, and get introduced to SELinux and how it helps when implementing least-privilege.
45 minutes
Verifying Hotfixes
Software patches repair bugs or vulnerabilities found in software programs. Patches are simply updates that fix a problem or vulnerability within a program. Sometimes, instead of just releasing a patch, vendors will release an upgraded version of their software, although they may refer to the upgrade as a patch. In this lab, you will learn how to identify currently installed patches, manually install a hotfix and configure a work around.
1 hour
Identifying System Vulnerabilities with OpenVAS
Students will scan a system with OpenVAS (Open Vulnerability Assessment System) to discover and identify systems on the network that have vulnerabilities.
1 hour
Core Impact Web Application Penetration Testing
This lab introduces students to the web application penetration testing suite within the Core Impact application.
1 hour
Total Expected Duration: 2 days, 9 hours, 59 minutes