Attack and Defense
Overview
Attack and Defense Package
A cyberattack is right around the corner—does your team know what it will look like or how to respond? Test your team’s abilities and your system’s configuration!
This category includes capture-the-flag exercises, attack mitigation exercises, and red team / blue team exercise environments to pit your team members against each other. All scenarios include active monitoring so you know how far you’ve gotten!
This package includes all exercises in the Attack and Defense category, as well as all new exercises in the category released during your subscription period.
PREREQUISITES
Prerequisites vary by lab, but are generally: familiarity with the UNIX command line and networking concepts, tools such as Metasploit and tcpdump, and knowledge of web application vulnerabilities (e.g., SQL injection).
EXPECTED DURATION
8.0 hours, self-paced. Pause and continue at any time.
8.0 CPEs awarded on successful completion.
PACKAGE CONTENTS
- Capture the Flag Scenario I
One of the most important skills in cyber defense is the ability to think like an attacker. How will an adversary break into your systems? Are your sensitive files properly hidden from prying eyes? Can a dedicated attacker steal encryption keys that would allow them to impersonate you? Knowing how such attacks might work helps you securely configure and defend your systems.
Hone your skills and see how an attacker would exploit configuration weaknesses. This Capture the Flag (CTF) scenario lets you see first-hand an attacker’s strategies for compromising your systems. Can you gain total control over a target system solely via a web application?
- Capture the Flag Scenario II
Build on your skills from the first Capture the Flag (CTF) scenario with a new web server setup—can you gain root access on this box? This CTF scenario lets you see first-hand how an attacker could go about compromising your systems.
- Red vs Blue
Test your skills against others as either an attacker attempting to compromise a system or a defender trying to prevent the attackers from doing damage. This is a head-to-head exercise, best played with two or more participants from your organization. Participants choose their own teams.
- Detect and Neutralize a Malware-Based Attack
In this exercise, the student plays the role of a security admin of an enterprise network. They are asked to investigate a potential malware-based attack.
The student is told that an intrusion detection system has seen periodic outgoing connections from a computer within the enterprise network to a computer on the Internet. The student must block the outgoing traffic, determine the computer from which the traffic is originating, find the malware on that computer, examine it to see what information is being sent out, and stop the attack.