Exploitation Analysis 1
Exploitation Analysis 1 NICE Specialty Area Package Analyzes collected information to identify vulnerabilities and potential for exploitation. This package consists of CYRIN labs focusing on the NIST National Initiative for Cybersecurity Education (NICE) Exploitation Analysis specialty area. Completing these labs …
Overview
Exploitation Analysis 1 NICE Specialty Area Package
Analyzes collected information to identify vulnerabilities and potential for exploitation.
This package consists of CYRIN labs focusing on the NIST National Initiative for Cybersecurity Education (NICE) Exploitation Analysis specialty area. Completing these labs will help you learn the skills needed for a job in the area. A follow-on package, “Exploitation Analysis 2” is also available for more in-depth practice in this specialty area.
PREREQUISITES
Prerequisites vary by lab, but are generally: familiarity with the Unix/Linux command line and basic networking concepts (TCP/IP, DNS, etc.).
EXPECTED DURATION
17.0 hours, self-paced. Pause and continue at any time.
17.0 CPEs awarded on successful completion.
PACKAGE CONTENTS
-
Identifying Live Machines and Services on an Unknown Network
Students will use tools such as nmap, unicornscan, and fping to identify systems on a local network, including both Unix and Windows targets. Students will identify the operating systems these systems are running, as well as the types of network services they are providing.
-
Service Identification I
Students will use multiple tools to identify services, including software package and version information, running on unknown systems. Network services to be targeted will include those running on non-standard ports or behind firewall rules.
-
Service Identification II
Students will build on the Service Identification I exercise to use service-specific information-gathering tools. Students will gather vendor, software, and version information, as well as any configuration information available remotely. Students will then use scripting tools to automate this process.
-
Introduction to Metasploit
Students will gain experience with the widely-used open source Metasploit® framework and related tools for exploiting vulnerable software and insecure system configurations. The exercise leads students through the entire process, from scanning the network to getting remote shells and accessing sensitive information. By seeing the tools available to potential attackers, students will gain a greater appreciation for the need to keep software up-to-date and securely configured.
-
Vulnerability Scanning with OpenVAS
Students will use the free OpenVAS web tool suite to identify vulnerabilities in services available on an unknown network. The network will include several targets with known-vulnerable software versions and/or configurations.
-
Web Application Security Analysis using OWASP-ZAP
Students will use the OWASP program’s ZAP tool suite from within Kali Linux to scan multiple web services and document vulnerabilities. Students will see ZAP in action on a vulnerable web site where entire database tables are available to potential attackers.
-
Web Application Security Analysis using Nikto
Students will use the Nikto tool to test web services over the network and document vulnerabilities. Students will then use network packet capture tools such as Wireshark to verify their understanding of the vulnerabilities and testing procedures.
-
Web Application Security Analysis using Vega
Students will use the Vega scanning tool, within a graphical Kali Linux environment, to test web services over the network and document vulnerabilities. Students will then use network packet capture tools such as Wireshark to verify their understanding of the vulnerabilities and testing procedures.
-
Web Application Security Analysis using Burp Suite
Burp Suite is an industry standard suite of tools used by information security professionals for testing Web application security. Its tools work together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities.
Students learn to use Burp tools to find security vulnerabilities in a web application. They will discover the application is vulnerable to cross-site scripting (XSS) attacks and will learn how to exploit the vulnerability to steal user credentials.
Price including 6 months of access