cybersecurity/HacktivityLabSheets
1
0
Fork 0
mirror of https://github.com/cliffe/HacktivityLabSheets.git synced 2026-02-20 13:50:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

lab updates

Browse Source
This commit is contained in:
Z. Cliffe Schreuders
2025-09-15 23:43:27 +01:00
parent 94d4f3b74a
commit 72fdaed37f
10 changed files with 196 additions and 808 deletions
Download Patch File Download Diff File Expand all files Collapse all files

124
SETUP.md Normal file
View File

@@ -0,0 +1,124 @@
# Hacktivity Lab Sheets Setup
This Jekyll site is designed to display cybersecurity lab exercises organized by category.
## Features
- **Organized by Category**: Labs are grouped by their directory structure (e.g., "Introducing Attacks", "Network Security", etc.)
- **Hacktivity Theme**: Custom theme matching the Hacktivity platform with light/dark mode toggle
- **GitHub Pages Compatible**: Ready for deployment on GitHub Pages
- **Responsive Design**: Works on desktop and mobile devices
## Local Development Setup
### Prerequisites
- Ruby 3.1 or later
- Bundler gem
### Installation
1. Install Ruby and Bundler:
```bash
# Ubuntu/Debian
sudo apt install ruby ruby-bundler
# Or using snap
sudo snap install ruby
```
2. Install dependencies:
```bash
bundle install
```
3. Run the development server:
```bash
bundle exec jekyll serve
```
4. Open your browser to `http://localhost:4000`
## GitHub Pages Deployment
### Option 1: GitHub Actions (Recommended)
The repository includes a GitHub Actions workflow (`.github/workflows/jekyll.yml`) that will automatically build and deploy your site when you push to the main branch.
1. Push your changes to the main branch
2. GitHub Actions will automatically build and deploy the site
3. Your site will be available at `https://yourusername.github.io/HacktivityLabSheets`
### Option 2: Manual GitHub Pages
1. Switch to GitHub Pages compatible setup:
```bash
./switch-to-github-pages.sh
```
2. Commit and push your changes:
```bash
git add .
git commit -m "Update for GitHub Pages"
git push origin main
```
3. Enable GitHub Pages in your repository settings
## Lab Organization
Labs are organized in the `_labs` directory with the following structure:
```
_labs/
├── introducing_attacks/
│ ├── 1_intro_linux.md
│ └── 2_malware_msf_payloads.md
├── lab1-network-scanning.md
├── lab2-web-vulnerability-assessment.md
└── lab3-digital-forensics.md
```
Each lab file should include the following front matter:
```yaml
---
title: "Lab Title"
description: "Brief description of the lab"
difficulty: "Beginner|Intermediate|Advanced"
duration: "XX minutes"
prerequisites: "Required knowledge"
tags: ["tag1", "tag2", "tag3"]
category: "category_name" # This determines the grouping
---
```
## Adding New Labs
1. Create a new markdown file in the appropriate directory under `_labs/`
2. Add the required front matter (see above)
3. Set the `category` field to group labs together
4. Write your lab content in Markdown
## Theme Customization
The theme uses CSS custom properties (variables) defined in `assets/css/hacktivity-theme.scss`. You can customize colors, fonts, and other styling by modifying these variables.
## Troubleshooting
### GitHub Pages Build Issues
If you encounter build issues with GitHub Pages:
1. Check that your Gemfile is compatible with GitHub Pages
2. Ensure all plugins are whitelisted for GitHub Pages
3. Use the GitHub Actions workflow instead of the traditional GitHub Pages build
### Local Development Issues
If Jekyll won't start locally:
1. Check Ruby version: `ruby --version`
2. Update Bundler: `gem update bundler`
3. Clear Jekyll cache: `bundle exec jekyll clean`
4. Reinstall dependencies: `rm Gemfile.lock && bundle install`

5
_config.yml
View File

@@ -25,6 +25,11 @@ defaults:
type: "labs"
values:
layout: "lab"
- scope:
path: "_labs/**"
type: "labs"
values:
layout: "lab"
# Plugin settings
plugins:

1
_labs/introducing_attacks/1_intro_linux.md
View File

@@ -6,6 +6,7 @@ difficulty: "Beginner"
duration: "90 minutes"
prerequisites: "Basic computer skills"
tags: ["linux", "command-line", "ssh", "kali", "networking", "security"]
category: "introducing_attacks"
lab_sheet_url: "https://docs.google.com/document/d/1vA_Ev_GPqPg3cGZblgVclWmTU-sUEEBqwYpFH09mQjg/edit?usp=sharing"
type: ["ctf-lab", "lab-sheet"]
lecture_url: "http://z.cliffe.schreuders.org/presentations/slides/DSL_DS_OSPT_Lectures_1_Intro_to_Unix_FOSS_and_Linux.html"

1
_labs/introducing_attacks/2_malware_msf_payloads.md
View File

@@ -6,6 +6,7 @@ difficulty: "Beginner"
duration: "120 minutes"
prerequisites: "Basic understanding of operating systems and networking"
tags: ["malware", "metasploit", "payloads", "trojan", "ethical-hacking", "penetration-testing"]
category: "introducing_attacks"
lab_sheet_url: "https://docs.google.com/document/d/1QsOLdqwBP6njIoKbeQRdattbLBLPFCB-eKHW0OxdE8U/edit?usp=sharing"
type: ["lab-sheet"]
lecture_url: "http://z.cliffe.schreuders.org/presentations/slides/DSL_DS_OSPT_Lectures_2_Malware.html"

170
_labs/lab1-network-scanning.md
View File

@@ -1,170 +0,0 @@
---
title: "Lab 1: Basic Network Scanning"
description: "Learn the fundamentals of network scanning using Nmap and other reconnaissance tools"
difficulty: "Beginner"
duration: "45 minutes"
prerequisites: "Basic understanding of networking concepts"
tags: ["networking", "reconnaissance", "nmap", "scanning"]
---
## Objectives
By the end of this lab, you will be able to:
- Understand the basics of network scanning
- Use Nmap for port scanning and service detection
- Interpret scan results and identify potential security vulnerabilities
- Apply basic reconnaissance techniques in a controlled environment
## Prerequisites
- Basic knowledge of IP addressing and networking
- Access to a virtual lab environment or isolated network
- Kali Linux or similar penetration testing distribution
## Lab Environment Setup
1. **Virtual Machine Setup**
- Ensure you have Kali Linux running in a virtual machine
- Verify network connectivity to the target systems
- Confirm Nmap is installed: `nmap --version`
2. **Target Environment**
- This lab uses intentionally vulnerable systems for educational purposes
- Never perform these techniques on systems you don't own or lack permission to test
## Exercise 1: Basic Port Scanning
### Step 1: Discover Live Hosts
First, let's discover what hosts are alive on the network:
```bash
nmap -sn 192.168.1.0/24
```
**Questions:**
1. What does the `-sn` flag do?
2. How many hosts were discovered?
### Step 2: Basic TCP Port Scan
Perform a basic TCP port scan on a target host:
```bash
nmap -sS 192.168.1.10
```
**Questions:**
1. What does the `-sS` flag specify?
2. Which ports are open on the target?
3. What services are likely running on these ports?
### Step 3: Service Detection
Now let's identify the services running on open ports:
```bash
nmap -sV 192.168.1.10
```
**Questions:**
1. What additional information does `-sV` provide?
2. Are there any outdated services that might be vulnerable?
## Exercise 2: Advanced Scanning Techniques
### Step 1: OS Detection
Attempt to identify the operating system:
```bash
nmap -O 192.168.1.10
```
**Questions:**
1. What operating system is the target running?
2. How accurate is the detection?
### Step 2: Script Scanning
Use Nmap scripts for vulnerability detection:
```bash
nmap --script vuln 192.168.1.10
```
**Questions:**
1. What vulnerabilities were identified?
2. Which scripts were executed?
## Exercise 3: Stealth and Evasion
### Step 1: Timing Templates
Experiment with different timing templates:
```bash
nmap -T1 192.168.1.10 # Paranoid
nmap -T3 192.168.1.10 # Normal (default)
nmap -T5 192.168.1.10 # Insane
```
**Questions:**
1. How do the different timing templates affect scan speed?
2. When might you use slower timing templates?
### Step 2: Decoy Scanning
Use decoy hosts to mask your scan:
```bash
nmap -D RND:10 192.168.1.10
```
**Questions:**
1. How does decoy scanning work?
2. What are the limitations of this technique?
## Analysis and Documentation
### Scan Results Analysis
1. **Create a target inventory** listing all discovered hosts and their open ports
2. **Identify potential attack vectors** based on the services found
3. **Prioritize targets** based on the services and potential vulnerabilities
### Documentation Template
Create a brief report including:
- Network topology discovered
- List of active hosts
- Open ports and services per host
- Potential vulnerabilities identified
- Recommendations for further testing
## Cleanup
1. Document all scan results
2. Save any interesting output files
3. Clean up temporary files
4. Shut down any test systems properly
## Additional Challenges
1. **Research Challenge**: Look up CVEs for any outdated services you discovered
2. **Automation Challenge**: Write a bash script to automate the scanning process
3. **Stealth Challenge**: Research additional evasion techniques and test them
## Resources
- [Nmap Official Documentation](https://nmap.org/docs.html)
- [Nmap Scripting Engine Guide](https://nmap.org/book/nse.html)
- [Common Port Reference](https://www.speedguide.net/ports.php)
## Conclusion
This lab introduced you to the fundamentals of network scanning using Nmap. You learned how to discover hosts, identify open ports, detect services, and use advanced scanning techniques. These skills form the foundation of network reconnaissance in cybersecurity.
Remember: Always ensure you have proper authorization before scanning any network or system!

256
_labs/lab2-web-vulnerability-assessment.md
View File

@@ -1,256 +0,0 @@
---
title: "Lab 2: Web Application Vulnerability Assessment"
description: "Explore common web application vulnerabilities using OWASP ZAP and manual testing techniques"
difficulty: "Intermediate"
duration: "90 minutes"
prerequisites: "Basic understanding of HTTP, HTML, and web applications"
tags: ["web security", "OWASP", "vulnerability assessment", "ZAP", "SQL injection"]
---
## Objectives
By the end of this lab, you will be able to:
- Set up and configure OWASP ZAP for web application testing
- Identify common web application vulnerabilities
- Perform manual and automated vulnerability assessments
- Understand the OWASP Top 10 vulnerabilities in practice
- Document findings and provide remediation recommendations
## Prerequisites
- Understanding of HTTP protocol and web technologies
- Basic knowledge of HTML, CSS, and JavaScript
- Familiarity with web browsers and developer tools
- Access to OWASP ZAP and a vulnerable web application
## Lab Environment Setup
1. **Install OWASP ZAP**
```bash
# On Kali Linux
sudo apt update && sudo apt install zaproxy
# Or download from https://www.zaproxy.org/download/
```
2. **Target Application**
- We'll use DVWA (Damn Vulnerable Web Application)
- Alternative: WebGoat or Mutillidae
- Ensure the application is running locally or on an isolated network
3. **Browser Configuration**
- Configure your browser to use ZAP as a proxy
- Install any necessary certificates
## Exercise 1: Passive Scanning and Reconnaissance
### Step 1: Configure ZAP Proxy
1. Start OWASP ZAP
2. Configure your browser to use `127.0.0.1:8080` as HTTP proxy
3. Install ZAP's root certificate in your browser
### Step 2: Spider the Application
1. Navigate to your target application (e.g., `http://localhost/dvwa`)
2. Log in with default credentials
3. Use ZAP's spider to crawl the application:
- Right-click on the target URL in ZAP
- Select "Attack" → "Spider"
- Configure spider settings as needed
**Questions:**
1. How many pages did the spider discover?
2. What different types of content were found?
3. Are there any hidden directories or files?
### Step 3: Passive Vulnerability Detection
Review the passive scan results in ZAP:
**Questions:**
1. What passive vulnerabilities were detected?
2. Which findings have the highest risk rating?
3. Are there any false positives?
## Exercise 2: Active Vulnerability Scanning
### Step 1: Configure Active Scan
1. Select the target application in ZAP's site tree
2. Right-click and choose "Attack" → "Active Scan"
3. Configure scan policies and parameters
### Step 2: Analyze Active Scan Results
Monitor the active scan progress and results:
**Questions:**
1. What new vulnerabilities were discovered during active scanning?
2. How do the results differ from passive scanning?
3. Which vulnerabilities pose the greatest risk?
## Exercise 3: Manual Vulnerability Testing
### Step 1: SQL Injection Testing
Test for SQL injection vulnerabilities manually:
1. **Identify Input Fields**
- Login forms
- Search boxes
- URL parameters
2. **Test Basic SQL Injection**
```sql
' OR '1'='1
' OR 1=1--
admin'--
```
3. **Advanced SQL Injection**
```sql
' UNION SELECT null,user(),version()--
' UNION SELECT null,database(),@@version--
```
**Questions:**
1. Which input fields are vulnerable to SQL injection?
2. What information can you extract from the database?
3. Can you bypass authentication using SQL injection?
### Step 2: Cross-Site Scripting (XSS) Testing
Test for XSS vulnerabilities:
1. **Reflected XSS**
```html
<script>alert('XSS')</script>
<img src="x" onerror="alert('XSS')">
```
2. **Stored XSS**
- Submit malicious payloads through forms
- Check if they persist and execute for other users
3. **DOM-based XSS**
- Test client-side input handling
- Examine JavaScript code for vulnerabilities
**Questions:**
1. Where can XSS payloads be successfully injected?
2. What types of XSS vulnerabilities are present?
3. How could these be exploited in a real attack?
### Step 3: Authentication and Session Management
Test authentication mechanisms:
1. **Weak Password Policy**
- Try common passwords
- Test password complexity requirements
2. **Session Management**
- Examine session tokens
- Test session fixation
- Check for session timeout
**Questions:**
1. Are there weaknesses in the authentication system?
2. How secure are the session management mechanisms?
3. Can sessions be hijacked or predicted?
## Exercise 4: Advanced Testing Techniques
### Step 1: Directory Traversal
Test for path traversal vulnerabilities:
```
../../../etc/passwd
..\..\..\..\windows\system32\drivers\etc\hosts
```
### Step 2: File Upload Vulnerabilities
If file upload functionality exists:
1. Test uploading different file types
2. Try to upload malicious files (PHP shells, etc.)
3. Check file validation mechanisms
### Step 3: Business Logic Flaws
Look for application-specific vulnerabilities:
1. Price manipulation in e-commerce
2. Privilege escalation
3. Workflow bypass
## Documentation and Reporting
### Vulnerability Report Template
Create a comprehensive report including:
1. **Executive Summary**
- High-level findings
- Risk assessment
- Business impact
2. **Technical Findings**
- Detailed vulnerability descriptions
- Proof of concept
- CVSS scores
3. **Remediation Recommendations**
- Specific fix instructions
- Best practices
- Timeline for fixes
### Risk Prioritization
Classify vulnerabilities by:
- **Critical**: Remote code execution, SQL injection with data access
- **High**: Authentication bypass, sensitive data exposure
- **Medium**: XSS, information disclosure
- **Low**: Minor configuration issues
## Remediation Verification
After implementing fixes:
1. **Retest Previously Vulnerable Areas**
- Verify fixes are effective
- Ensure no new vulnerabilities introduced
2. **Regression Testing**
- Test application functionality
- Verify security controls work properly
## Additional Challenges
1. **Custom Payloads**: Create your own injection payloads
2. **Automated Testing**: Write custom ZAP scripts
3. **Mobile Testing**: If applicable, test mobile app versions
4. **API Testing**: Test REST/SOAP APIs for vulnerabilities
## Resources
- [OWASP Top 10](https://owasp.org/www-project-top-ten/)
- [OWASP ZAP User Guide](https://www.zaproxy.org/docs/)
- [Web Security Testing Guide](https://owasp.org/www-project-web-security-testing-guide/)
- [PortSwigger Web Security Academy](https://portswigger.net/web-security)
## Conclusion
This lab provided hands-on experience with web application security testing using both automated tools and manual techniques. You learned to identify, exploit, and document common web vulnerabilities while understanding their potential impact and remediation strategies.
Key takeaways:
- Automated tools are helpful but manual testing is essential
- Understanding the business context is crucial for risk assessment
- Proper documentation enables effective remediation
- Regular testing should be part of the development lifecycle
Always ensure you have proper authorization before testing any web application!

364
_labs/lab3-digital-forensics.md
View File

@@ -1,364 +0,0 @@
---
title: "Lab 3: Digital Forensics and Incident Response"
description: "Learn digital forensics techniques to investigate security incidents and analyze evidence"
difficulty: "Advanced"
duration: "120 minutes"
prerequisites: "Understanding of file systems, basic scripting, and incident response procedures"
tags: ["forensics", "incident response", "evidence analysis", "volatility", "disk imaging"]
---
## Objectives
By the end of this lab, you will be able to:
- Create forensically sound disk images
- Analyze volatile memory dumps for indicators of compromise
- Extract and examine digital artifacts from compromised systems
- Document findings following proper chain of custody procedures
- Use industry-standard forensics tools and techniques
## Prerequisites
- Understanding of file systems (NTFS, FAT, ext4)
- Basic knowledge of Windows and Linux operating systems
- Familiarity with command-line tools
- Understanding of incident response procedures
## Lab Environment Setup
1. **Forensics Workstation**
- Kali Linux or SIFT (SANS Investigative Forensics Toolkit)
- Volatility Framework
- Autopsy or Sleuth Kit
- dc3dd or dd for imaging
2. **Evidence Files**
- Sample memory dump (provided)
- Disk image of compromised system
- Network packet captures (PCAP files)
3. **Documentation Tools**
- Case management system or documentation template
- Hash verification tools (md5sum, sha256sum)
## Exercise 1: Memory Analysis
### Step 1: Memory Dump Analysis Setup
1. **Install Volatility**
```bash
git clone https://github.com/volatilityfoundation/volatility.git
cd volatility
python setup.py install
```
2. **Verify Memory Dump**
```bash
# Calculate hash for chain of custody
sha256sum memory_dump.vmem
# Identify the memory dump profile
python vol.py -f memory_dump.vmem imageinfo
```
### Step 2: Process Analysis
Analyze running processes in the memory dump:
```bash
# List all processes
python vol.py -f memory_dump.vmem --profile=Win7SP1x64 pslist
# Show process tree
python vol.py -f memory_dump.vmem --profile=Win7SP1x64 pstree
# Find hidden processes
python vol.py -f memory_dump.vmem --profile=Win7SP1x64 psxview
```
**Questions:**
1. What suspicious processes are running?
2. Are there any processes that seem out of place?
3. Which processes are hidden from normal detection?
### Step 3: Network Connections
Examine network activity:
```bash
# Show network connections
python vol.py -f memory_dump.vmem --profile=Win7SP1x64 netscan
# Display network statistics
python vol.py -f memory_dump.vmem --profile=Win7SP1x64 netstat
```
**Questions:**
1. What external connections were established?
2. Are there any suspicious IP addresses or ports?
3. Which processes initiated network connections?
### Step 4: Malware Detection
Look for indicators of malware:
```bash
# Scan for malware
python vol.py -f memory_dump.vmem --profile=Win7SP1x64 malfind
# Check for code injection
python vol.py -f memory_dump.vmem --profile=Win7SP1x64 hollowfind
# Examine suspicious processes
python vol.py -f memory_dump.vmem --profile=Win7SP1x64 procdump -p [PID] -D output/
```
**Questions:**
1. What malware indicators were found?
2. Which processes show signs of code injection?
3. Can you extract malware samples for further analysis?
## Exercise 2: Disk Forensics
### Step 1: Creating Forensic Images
Create a forensically sound image of the evidence disk:
```bash
# Create disk image with verification
dc3dd if=/dev/sdb of=evidence_disk.img hash=sha256 log=imaging.log
# Alternative with dd
dd if=/dev/sdb of=evidence_disk.img bs=4096 conv=noerror,sync
sha256sum evidence_disk.img > evidence_disk.img.sha256
```
### Step 2: File System Analysis
Mount and analyze the disk image:
```bash
# Mount as read-only
mkdir /mnt/evidence
mount -o ro,loop evidence_disk.img /mnt/evidence
# Analyze with Sleuth Kit
fls -r evidence_disk.img > file_listing.txt
mactime -b file_listing.txt > timeline.txt
```
**Questions:**
1. What file systems are present on the disk?
2. When was the system last accessed?
3. Are there any deleted files of interest?
### Step 3: Artifact Recovery
Search for specific artifacts:
```bash
# Search for specific files
grep -r "password" /mnt/evidence/
find /mnt/evidence -name "*.log" -type f
# Extract browser history
firefox_history_extractor.py /mnt/evidence/Users/*/AppData/
# Examine registry files (Windows)
regripper -r /mnt/evidence/Windows/System32/config/SOFTWARE -p software
```
**Questions:**
1. What user activity artifacts were found?
2. Are there any credentials or sensitive data?
3. What applications were recently used?
## Exercise 3: Timeline Analysis
### Step 1: Create System Timeline
Generate a comprehensive timeline:
```bash
# Create super timeline with log2timeline
log2timeline.py --storage-file timeline.plaso evidence_disk.img
# Convert to readable format
psort.py -o dynamic timeline.plaso > system_timeline.csv
```
### Step 2: Timeline Filtering
Filter timeline for relevant events:
```bash
# Filter by date range
psort.py -o dynamic --slice "2023-01-01,2023-01-31" timeline.plaso
# Filter by keywords
psort.py -o dynamic --strings malware timeline.plaso
```
**Questions:**
1. What significant events occurred during the incident timeframe?
2. Can you identify the initial compromise vector?
3. What actions did the attacker take on the system?
## Exercise 4: Network Forensics
### Step 1: PCAP Analysis
Analyze network traffic captures:
```bash
# Basic statistics
capinfos capture.pcap
# Examine protocols
tshark -r capture.pcap -q -z io,phs
# Extract HTTP traffic
tshark -r capture.pcap -Y "http" -T fields -e http.host -e http.uri
```
### Step 2: Suspicious Traffic Detection
Look for indicators of compromise in network traffic:
```bash
# Search for suspicious domains
tshark -r capture.pcap -Y "dns" -T fields -e dns.qry.name | sort | uniq
# Examine file transfers
tshark -r capture.pcap -Y "ftp-data" --export-objects ftp,extracted_files/
```
**Questions:**
1. What suspicious network activity was detected?
2. Were any files transferred during the incident?
3. Can you identify command and control traffic?
## Exercise 5: Report Generation
### Step 1: Evidence Documentation
Create proper documentation:
1. **Chain of Custody Form**
- Date and time of acquisition
- Hash values for verification
- Personnel involved
- Storage location
2. **Technical Analysis Report**
- Executive summary
- Methodology used
- Key findings
- Supporting evidence
### Step 2: Indicators of Compromise (IOCs)
Document IOCs for threat intelligence:
- File hashes (MD5, SHA-1, SHA-256)
- IP addresses and domains
- Registry keys
- File paths
- Network signatures
## Case Study: Putting It All Together
### Scenario
A company reports that their web server has been compromised. You have been provided with:
- Memory dump from the server
- Disk image of the web server
- Network traffic logs
- System event logs
### Investigation Steps
1. **Initial Triage**
- Verify evidence integrity
- Identify the scope of compromise
- Preserve volatile data
2. **Deep Analysis**
- Memory analysis for running threats
- Disk forensics for persistence mechanisms
- Timeline reconstruction
- Network analysis for data exfiltration
3. **Reporting**
- Document all findings
- Provide remediation recommendations
- Create IOCs for monitoring
## Advanced Challenges
1. **Encrypted Evidence**: Analyze encrypted disk images
2. **Anti-Forensics**: Investigate systems with anti-forensics tools
3. **Mobile Forensics**: Extend techniques to mobile devices
4. **Cloud Forensics**: Analyze cloud-based incidents
## Tools Reference
### Memory Analysis
- Volatility Framework
- Rekall
- WinDbg
### Disk Forensics
- Autopsy
- Sleuth Kit
- EnCase
- FTK
### Network Forensics
- Wireshark
- NetworkMiner
- Moloch
### Reporting
- CaseFile
- Maltego
- Custom scripts
## Best Practices
1. **Evidence Handling**
- Always work with copies
- Maintain chain of custody
- Document everything
- Use write-blockers for physical media
2. **Analysis Methodology**
- Follow established procedures
- Use multiple tools for verification
- Document all steps taken
- Preserve original evidence
3. **Reporting**
- Use clear, non-technical language for executives
- Include technical details for IT teams
- Provide actionable recommendations
- Support findings with evidence
## Resources
- [SANS Digital Forensics and Incident Response](https://www.sans.org/cyber-security-courses/digital-forensics-incident-response/)
- [Volatility Documentation](https://github.com/volatilityfoundation/volatility/wiki)
- [Sleuth Kit Documentation](http://www.sleuthkit.org/sleuthkit/docs.php)
- [NIST Computer Forensics Guidelines](https://csrc.nist.gov/publications/detail/sp/800-86/final)
## Conclusion
This lab provided comprehensive experience in digital forensics and incident response. You learned to analyze memory dumps, perform disk forensics, create timelines, and document findings properly. These skills are essential for investigating security incidents and providing evidence for legal proceedings.
Key takeaways:
- Proper evidence handling is crucial for legal admissibility
- Multiple analysis techniques provide comprehensive understanding
- Timeline analysis helps reconstruct incident sequences
- Documentation must be thorough and accurate
- Continuous learning is essential as attack techniques evolve
Always ensure you have proper authorization and follow legal requirements when conducting forensic investigations!

22
_plugins/include_subdirectories.rb Normal file
View File

@@ -0,0 +1,22 @@
# Plugin to include markdown files from subdirectories in the labs collection
Jekyll::Hooks.register :site, :after_init do |site|
# Find all markdown files in _labs and subdirectories
labs_dir = File.join(site.source, '_labs')
if Dir.exist?(labs_dir)
Dir.glob(File.join(labs_dir, '**', '*.md')).each do |file|
relative_path = file.sub(site.source + '/', '')
# Skip if already in collection
next if site.collections['labs'].docs.any? { |doc| doc.path == file }
# Create a new document for this file
doc = Jekyll::Document.new(file, {
site: site,
collection: site.collections['labs']
})
# Add to collection
site.collections['labs'].docs << doc
end
end
end

14
assets/css/hacktivity-theme.scss
View File

@@ -169,6 +169,20 @@ a:focus {
margin: 2rem 0;
}
.category-heading {
color: var(--fg-color);
border-bottom: 2px solid var(--primary-btnbg-color);
padding-bottom: 0.5rem;
margin-top: 2rem;
margin-bottom: 1rem;
font-size: 1.5rem;
font-weight: 600;
}
.category-labs {
margin-bottom: 2rem;
}
.lab-item {
border: 1px solid var(--panelborder-color);
border-radius: 6px;

47
index.md
View File

@@ -11,26 +11,37 @@ Welcome to the Hacktivity SecGen lab sheets repository. This site contains hands
{% if site.labs.size > 0 %}
<div class="lab-list">
{% for lab in site.labs %}
<div class="lab-item">
<h3><a href="{{ lab.url | relative_url }}">{{ lab.title }}</a></h3>
<p class="lab-description">{{ lab.description | default: lab.excerpt }}</p>
<div class="lab-meta">
{% if lab.difficulty %}
<span class="difficulty">Difficulty: {{ lab.difficulty }}</span>
{% endif %}
{% if lab.duration %}
<span class="duration">Duration: {{ lab.duration }}</span>
{% endif %}
{% if lab.tags %}
<div class="tags">
{% for tag in lab.tags %}
<span class="tag">{{ tag }}</span>
{% endfor %}
{% assign labs_by_category = site.labs | group_by: 'category' %}
{% for category in labs_by_category %}
{% if category.name != blank %}
<h2 class="category-heading">{{ category.name | replace: '_', ' ' | capitalize }}</h2>
{% else %}
<h2 class="category-heading">General Labs</h2>
{% endif %}
<div class="category-labs">
{% for lab in category.items %}
<div class="lab-item">
<h3><a href="{{ lab.url | relative_url }}">{{ lab.title }}</a></h3>
<p class="lab-description">{{ lab.description | default: lab.excerpt }}</p>
<div class="lab-meta">
{% if lab.difficulty %}
<span class="difficulty">Difficulty: {{ lab.difficulty }}</span>
{% endif %}
{% if lab.duration %}
<span class="duration">Duration: {{ lab.duration }}</span>
{% endif %}
{% if lab.tags %}
<div class="tags">
{% for tag in lab.tags %}
<span class="tag">{{ tag }}</span>
{% endfor %}
</div>
{% endif %}
</div>
{% endif %}
</div>
{% endfor %}
</div>
</div>
{% endfor %}
</div>
{% else %}