Implement GitHub Pages site with lab index and sample content

Co-authored-by: cliffe <670192+cliffe@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
2025-09-15 21:35:41 +00:00
parent 5782732147
commit 8acae08d3e
12 changed files with 1583 additions and 1 deletions

20
.gitignore vendored Normal file

@@ -0,0 +1,20 @@
# Jekyll build artifacts
_site/
.sass-cache/
.jekyll-cache/
.jekyll-metadata
# Ruby
.bundle/
vendor/
# OS
.DS_Store
Thumbs.db
# Logs
*.log
# Temporary files
*~
.tmp

5
Gemfile Normal file

@@ -0,0 +1,5 @@
source 'https://rubygems.org'
gem 'jekyll'
gem 'jekyll-feed'
gem 'jekyll-sitemap'
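Review bot: `gem 'jekyll'` carries no version constraint, so the Jekyll 4.x that the lockfile resolves is only pinned for people who run `bundle install`; a `~> 4.4` constraint here would make the intent explicit. Note also that the classic GitHub Pages build path does not read this Gemfile at all (it uses the `github-pages` gem's own Jekyll 3.x pin), so this Gemfile only governs local development and any Actions-based build; worth stating in the README's Local Development section.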

86
Gemfile.lock Normal file

@@ -0,0 +1,86 @@
GEM
remote: https://rubygems.org/
specs:
addressable (2.8.7)
public_suffix (>= 2.0.2, < 7.0)
base64 (0.3.0)
bigdecimal (3.1.3)
colorator (1.1.0)
concurrent-ruby (1.3.5)
csv (3.2.6)
em-websocket (0.5.3)
eventmachine (>= 0.12.9)
http_parser.rb (~> 0)
eventmachine (1.2.7)
ffi (1.17.2-x86_64-linux-gnu)
forwardable-extended (2.6.0)
google-protobuf (4.32.1-x86_64-linux-gnu)
bigdecimal
rake (>= 13)
http_parser.rb (0.8.0)
i18n (1.14.7)
concurrent-ruby (~> 1.0)
jekyll (4.4.1)
addressable (~> 2.4)
base64 (~> 0.2)
colorator (~> 1.0)
csv (~> 3.0)
em-websocket (~> 0.5)
i18n (~> 1.0)
jekyll-sass-converter (>= 2.0, < 4.0)
jekyll-watch (~> 2.0)
json (~> 2.6)
kramdown (~> 2.3, >= 2.3.1)
kramdown-parser-gfm (~> 1.0)
liquid (~> 4.0)
mercenary (~> 0.3, >= 0.3.6)
pathutil (~> 0.9)
rouge (>= 3.0, < 5.0)
safe_yaml (~> 1.0)
terminal-table (>= 1.8, < 4.0)
webrick (~> 1.7)
jekyll-feed (0.17.0)
jekyll (>= 3.7, < 5.0)
jekyll-sass-converter (3.1.0)
sass-embedded (~> 1.75)
jekyll-sitemap (1.4.0)
jekyll (>= 3.7, < 5.0)
jekyll-watch (2.2.1)
listen (~> 3.0)
json (2.6.3)
kramdown (2.5.1)
rexml (>= 3.3.9)
kramdown-parser-gfm (1.1.0)
kramdown (~> 2.0)
liquid (4.0.4)
listen (3.9.0)
rb-fsevent (~> 0.10, >= 0.10.3)
rb-inotify (~> 0.9, >= 0.9.10)
mercenary (0.4.0)
pathutil (0.16.2)
forwardable-extended (~> 2.6)
public_suffix (6.0.2)
rake (13.0.6)
rb-fsevent (0.11.2)
rb-inotify (0.11.1)
ffi (~> 1.0)
rexml (3.4.3)
rouge (3.28.0)
safe_yaml (1.0.5)
sass-embedded (1.92.1-x86_64-linux-gnu)
google-protobuf (~> 4.31)
terminal-table (3.0.2)
unicode-display_width (>= 1.1.1, < 3)
unicode-display_width (2.6.0)
webrick (1.8.1)
PLATFORMS
x86_64-linux-gnu
DEPENDENCIES
jekyll
jekyll-feed
jekyll-sitemap
BUNDLED WITH
2.7.2
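Review bot: the `PLATFORMS` section lists only `x86_64-linux-gnu`, and the native gems (`ffi`, `google-protobuf`, `sass-embedded`) are locked to that platform, so `bundle install` on macOS, Windows or arm64 Linux will refuse to proceed until the contributor runs `bundle lock --add-platform <platform>`. Either add the common platforms to the lockfile now (`bundle lock --add-platform x86_64-darwin arm64-darwin x86_64-linux`) or mention the step in the README so "Local Development" works for contributors who are not on x86_64 Linux.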

110
README.md

@@ -1,2 +1,110 @@
# HacktivityLabSheets
Lab sheets for Hacktivity SecGen labs
Lab sheets for Hacktivity SecGen labs - A collection of hands-on cybersecurity lab exercises.
## 🌐 Live Site
Visit the lab sheets at: **https://cliffe.github.io/HacktivityLabSheets**
## 📚 Available Labs
This repository contains practical cybersecurity lab exercises designed for educational purposes. Each lab includes:
- Step-by-step instructions
- Learning objectives
- Prerequisites
- Expected duration
- Hands-on exercises with real tools
- Analysis questions
- Additional challenges
### Current Lab Topics
- **Network Scanning**: Learn reconnaissance techniques with Nmap
- **Web Application Security**: Vulnerability assessment with OWASP ZAP
- **Digital Forensics**: Incident response and evidence analysis
- More labs are continuously being added!
## 🚀 Using the Labs
1. Visit the [live site](https://cliffe.github.io/HacktivityLabSheets) to browse available labs
2. Click on any lab title to view detailed instructions
3. Follow the setup and execution steps provided
4. Complete the exercises and answer the analysis questions
## 🛠 Local Development
To run the site locally for development:
```bash
# Install Jekyll (if not already installed)
gem install bundler jekyll
# Clone the repository
git clone https://github.com/cliffe/HacktivityLabSheets.git
cd HacktivityLabSheets
# Install dependencies
bundle install
# Serve the site locally
bundle exec jekyll serve
# Visit http://localhost:4000 in your browser
```
## 📝 Contributing New Labs
We welcome contributions of new lab exercises! To add a new lab:
1. Create a new markdown file in the `_labs/` directory
2. Use the following front matter template:
```yaml
---
title: "Lab X: Your Lab Title"
description: "Brief description of what the lab covers"
difficulty: "Beginner/Intermediate/Advanced"
duration: "X minutes"
prerequisites: "Required background knowledge"
tags: ["tag1", "tag2", "tag3"]
---
```
3. Write your lab content using markdown
4. Test locally before submitting a pull request
### Lab Content Guidelines
- **Clear Objectives**: Start with what students will learn
- **Prerequisites**: List required background knowledge
- **Step-by-Step Instructions**: Provide detailed, testable steps
- **Questions and Analysis**: Include thought-provoking questions
- **Safety Warnings**: Always emphasize ethical use and authorization
- **Resources**: Link to additional learning materials
## ⚠️ Ethical Use
All lab exercises are designed for educational purposes in controlled environments. Users must:
- Only practice on systems they own or have explicit permission to test
- Follow all applicable laws and regulations
- Respect terms of service and acceptable use policies
- Use knowledge gained responsibly and ethically
## 📄 License
This project is licensed under the GPL-3.0 License - see the [LICENSE](LICENSE) file for details.
## 🤝 Support
If you encounter issues or have questions:
1. Check the lab instructions carefully
2. Review the prerequisites
3. Open an issue on GitHub with detailed information
4. Join the discussion in our community forums
## 🎯 About SecGen
These labs are designed to work with [SecGen (Security Scenario Generator)](https://github.com/cliffe/SecGen), which creates vulnerable virtual machines for security education and training.
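Review bot: the Local Development block says "Visit http://localhost:4000", but `_config.yml` in this same commit sets `baseurl: "/HacktivityLabSheets"`, so `bundle exec jekyll serve` actually serves the site at `http://localhost:4000/HacktivityLabSheets/`; the comment should give that URL. Two smaller points: `gem install bundler jekyll` is redundant once a Gemfile exists (`gem install bundler` followed by `bundle install` is enough and avoids installing a second, unlocked Jekyll), and "Join the discussion in our community forums" under Support links to nothing, so either add the URL or drop the item.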

40
_config.yml Normal file

@@ -0,0 +1,40 @@
# Site settings
title: Hacktivity Lab Sheets
description: Lab sheets for Hacktivity SecGen labs
baseurl: "/HacktivityLabSheets"
url: "https://cliffe.github.io"
# GitHub Pages settings
github:
repository_name: HacktivityLabSheets
# Jekyll settings
markdown: kramdown
highlighter: rouge
# Collections for organizing labs
collections:
labs:
output: true
permalink: /:collection/:name/
# Default settings for lab posts
defaults:
- scope:
path: "_labs"
type: "labs"
values:
layout: "lab"
# Plugin settings
plugins:
- jekyll-feed
- jekyll-sitemap
# Exclude files from processing
exclude:
- README.md
- LICENSE
- .gitignore
- Gemfile
- Gemfile.lock
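Review bot: `github: repository_name: HacktivityLabSheets` is a custom key that the layouts then have to prefix with the owner themselves, and it sits under the `github` namespace that the GitHub Pages metadata plugin populates at build time. A plain `repository: cliffe/HacktivityLabSheets` (the key that plugin documents) gives the templates one unambiguous value to build both the nav and footer links from. The `Gemfile`, `Gemfile.lock` and `.gitignore` entries under `exclude` are already excluded by Jekyll 4 defaults and can be dropped; only `README.md` and `LICENSE` need listing.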


@@ -0,0 +1,170 @@
---
title: "Lab 1: Basic Network Scanning"
description: "Learn the fundamentals of network scanning using Nmap and other reconnaissance tools"
difficulty: "Beginner"
duration: "45 minutes"
prerequisites: "Basic understanding of networking concepts"
tags: ["networking", "reconnaissance", "nmap", "scanning"]
---
## Objectives
By the end of this lab, you will be able to:
- Understand the basics of network scanning
- Use Nmap for port scanning and service detection
- Interpret scan results and identify potential security vulnerabilities
- Apply basic reconnaissance techniques in a controlled environment
## Prerequisites
- Basic knowledge of IP addressing and networking
- Access to a virtual lab environment or isolated network
- Kali Linux or similar penetration testing distribution
## Lab Environment Setup
1. **Virtual Machine Setup**
- Ensure you have Kali Linux running in a virtual machine
- Verify network connectivity to the target systems
- Confirm Nmap is installed: `nmap --version`
2. **Target Environment**
- This lab uses intentionally vulnerable systems for educational purposes
- Never perform these techniques on systems you don't own or lack permission to test
## Exercise 1: Basic Port Scanning
### Step 1: Discover Live Hosts
First, let's discover what hosts are alive on the network:
```bash
nmap -sn 192.168.1.0/24
```
**Questions:**
1. What does the `-sn` flag do?
2. How many hosts were discovered?
### Step 2: Basic TCP Port Scan
Perform a basic TCP port scan on a target host:
```bash
nmap -sS 192.168.1.10
```
**Questions:**
1. What does the `-sS` flag specify?
2. Which ports are open on the target?
3. What services are likely running on these ports?
### Step 3: Service Detection
Now let's identify the services running on open ports:
```bash
nmap -sV 192.168.1.10
```
**Questions:**
1. What additional information does `-sV` provide?
2. Are there any outdated services that might be vulnerable?
## Exercise 2: Advanced Scanning Techniques
### Step 1: OS Detection
Attempt to identify the operating system:
```bash
nmap -O 192.168.1.10
```
**Questions:**
1. What operating system is the target running?
2. How accurate is the detection?
### Step 2: Script Scanning
Use Nmap scripts for vulnerability detection:
```bash
nmap --script vuln 192.168.1.10
```
**Questions:**
1. What vulnerabilities were identified?
2. Which scripts were executed?
## Exercise 3: Stealth and Evasion
### Step 1: Timing Templates
Experiment with different timing templates:
```bash
nmap -T1 192.168.1.10 # Paranoid
nmap -T3 192.168.1.10 # Normal (default)
nmap -T5 192.168.1.10 # Insane
```
**Questions:**
1. How do the different timing templates affect scan speed?
2. When might you use slower timing templates?
### Step 2: Decoy Scanning
Use decoy hosts to mask your scan:
```bash
nmap -D RND:10 192.168.1.10
```
**Questions:**
1. How does decoy scanning work?
2. What are the limitations of this technique?
## Analysis and Documentation
### Scan Results Analysis
1. **Create a target inventory** listing all discovered hosts and their open ports
2. **Identify potential attack vectors** based on the services found
3. **Prioritize targets** based on the services and potential vulnerabilities
### Documentation Template
Create a brief report including:
- Network topology discovered
- List of active hosts
- Open ports and services per host
- Potential vulnerabilities identified
- Recommendations for further testing
## Cleanup
1. Document all scan results
2. Save any interesting output files
3. Clean up temporary files
4. Shut down any test systems properly
## Additional Challenges
1. **Research Challenge**: Look up CVEs for any outdated services you discovered
2. **Automation Challenge**: Write a bash script to automate the scanning process
3. **Stealth Challenge**: Research additional evasion techniques and test them
## Resources
- [Nmap Official Documentation](https://nmap.org/docs.html)
- [Nmap Scripting Engine Guide](https://nmap.org/book/nse.html)
- [Common Port Reference](https://www.speedguide.net/ports.php)
## Conclusion
This lab introduced you to the fundamentals of network scanning using Nmap. You learned how to discover hosts, identify open ports, detect services, and use advanced scanning techniques. These skills form the foundation of network reconnaissance in cybersecurity.
Remember: Always ensure you have proper authorization before scanning any network or system!
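Review bot: the `-sS` (Exercise 1, Step 2), `-O` (Exercise 2, Step 1) and `-D RND:10` (Exercise 3, Step 2) invocations require raw-socket privileges; on a current Kali install the default user is unprivileged, so Nmap exits with an error rather than scanning. Prefix those commands with `sudo`, and say so in the Lab Environment Setup so students do not misread the error as a connectivity problem. The target addresses (`192.168.1.0/24`, `192.168.1.10`) are hard-coded, whereas SecGen-generated scenarios assign their own addresses; either tie the examples to the scenario's network or tell students to substitute the address from their lab sheet.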


@@ -0,0 +1,256 @@
---
title: "Lab 2: Web Application Vulnerability Assessment"
description: "Explore common web application vulnerabilities using OWASP ZAP and manual testing techniques"
difficulty: "Intermediate"
duration: "90 minutes"
prerequisites: "Basic understanding of HTTP, HTML, and web applications"
tags: ["web security", "OWASP", "vulnerability assessment", "ZAP", "SQL injection"]
---
## Objectives
By the end of this lab, you will be able to:
- Set up and configure OWASP ZAP for web application testing
- Identify common web application vulnerabilities
- Perform manual and automated vulnerability assessments
- Understand the OWASP Top 10 vulnerabilities in practice
- Document findings and provide remediation recommendations
## Prerequisites
- Understanding of HTTP protocol and web technologies
- Basic knowledge of HTML, CSS, and JavaScript
- Familiarity with web browsers and developer tools
- Access to OWASP ZAP and a vulnerable web application
## Lab Environment Setup
1. **Install OWASP ZAP**
```bash
# On Kali Linux
sudo apt update && sudo apt install zaproxy
# Or download from https://www.zaproxy.org/download/
```
2. **Target Application**
- We'll use DVWA (Damn Vulnerable Web Application)
- Alternative: WebGoat or Mutillidae
- Ensure the application is running locally or on an isolated network
3. **Browser Configuration**
- Configure your browser to use ZAP as a proxy
- Install any necessary certificates
## Exercise 1: Passive Scanning and Reconnaissance
### Step 1: Configure ZAP Proxy
1. Start OWASP ZAP
2. Configure your browser to use `127.0.0.1:8080` as HTTP proxy
3. Install ZAP's root certificate in your browser
### Step 2: Spider the Application
1. Navigate to your target application (e.g., `http://localhost/dvwa`)
2. Log in with default credentials
3. Use ZAP's spider to crawl the application:
- Right-click on the target URL in ZAP
- Select "Attack" → "Spider"
- Configure spider settings as needed
**Questions:**
1. How many pages did the spider discover?
2. What different types of content were found?
3. Are there any hidden directories or files?
### Step 3: Passive Vulnerability Detection
Review the passive scan results in ZAP:
**Questions:**
1. What passive vulnerabilities were detected?
2. Which findings have the highest risk rating?
3. Are there any false positives?
## Exercise 2: Active Vulnerability Scanning
### Step 1: Configure Active Scan
1. Select the target application in ZAP's site tree
2. Right-click and choose "Attack" → "Active Scan"
3. Configure scan policies and parameters
### Step 2: Analyze Active Scan Results
Monitor the active scan progress and results:
**Questions:**
1. What new vulnerabilities were discovered during active scanning?
2. How do the results differ from passive scanning?
3. Which vulnerabilities pose the greatest risk?
## Exercise 3: Manual Vulnerability Testing
### Step 1: SQL Injection Testing
Test for SQL injection vulnerabilities manually:
1. **Identify Input Fields**
- Login forms
- Search boxes
- URL parameters
2. **Test Basic SQL Injection**
```sql
' OR '1'='1
' OR 1=1--
admin'--
```
3. **Advanced SQL Injection**
```sql
' UNION SELECT null,user(),version()--
' UNION SELECT null,database(),@@version--
```
**Questions:**
1. Which input fields are vulnerable to SQL injection?
2. What information can you extract from the database?
3. Can you bypass authentication using SQL injection?
### Step 2: Cross-Site Scripting (XSS) Testing
Test for XSS vulnerabilities:
1. **Reflected XSS**
```html
<script>alert('XSS')</script>
<img src="x" onerror="alert('XSS')">
```
2. **Stored XSS**
- Submit malicious payloads through forms
- Check if they persist and execute for other users
3. **DOM-based XSS**
- Test client-side input handling
- Examine JavaScript code for vulnerabilities
**Questions:**
1. Where can XSS payloads be successfully injected?
2. What types of XSS vulnerabilities are present?
3. How could these be exploited in a real attack?
### Step 3: Authentication and Session Management
Test authentication mechanisms:
1. **Weak Password Policy**
- Try common passwords
- Test password complexity requirements
2. **Session Management**
- Examine session tokens
- Test session fixation
- Check for session timeout
**Questions:**
1. Are there weaknesses in the authentication system?
2. How secure are the session management mechanisms?
3. Can sessions be hijacked or predicted?
## Exercise 4: Advanced Testing Techniques
### Step 1: Directory Traversal
Test for path traversal vulnerabilities:
```
../../../etc/passwd
..\..\..\..\windows\system32\drivers\etc\hosts
```
### Step 2: File Upload Vulnerabilities
If file upload functionality exists:
1. Test uploading different file types
2. Try to upload malicious files (PHP shells, etc.)
3. Check file validation mechanisms
### Step 3: Business Logic Flaws
Look for application-specific vulnerabilities:
1. Price manipulation in e-commerce
2. Privilege escalation
3. Workflow bypass
## Documentation and Reporting
### Vulnerability Report Template
Create a comprehensive report including:
1. **Executive Summary**
- High-level findings
- Risk assessment
- Business impact
2. **Technical Findings**
- Detailed vulnerability descriptions
- Proof of concept
- CVSS scores
3. **Remediation Recommendations**
- Specific fix instructions
- Best practices
- Timeline for fixes
### Risk Prioritization
Classify vulnerabilities by:
- **Critical**: Remote code execution, SQL injection with data access
- **High**: Authentication bypass, sensitive data exposure
- **Medium**: XSS, information disclosure
- **Low**: Minor configuration issues
## Remediation Verification
After implementing fixes:
1. **Retest Previously Vulnerable Areas**
- Verify fixes are effective
- Ensure no new vulnerabilities introduced
2. **Regression Testing**
- Test application functionality
- Verify security controls work properly
## Additional Challenges
1. **Custom Payloads**: Create your own injection payloads
2. **Automated Testing**: Write custom ZAP scripts
3. **Mobile Testing**: If applicable, test mobile app versions
4. **API Testing**: Test REST/SOAP APIs for vulnerabilities
## Resources
- [OWASP Top 10](https://owasp.org/www-project-top-ten/)
- [OWASP ZAP User Guide](https://www.zaproxy.org/docs/)
- [Web Security Testing Guide](https://owasp.org/www-project-web-security-testing-guide/)
- [PortSwigger Web Security Academy](https://portswigger.net/web-security)
## Conclusion
This lab provided hands-on experience with web application security testing using both automated tools and manual techniques. You learned to identify, exploit, and document common web vulnerabilities while understanding their potential impact and remediation strategies.
Key takeaways:
- Automated tools are helpful but manual testing is essential
- Understanding the business context is crucial for risk assessment
- Proper documentation enables effective remediation
- Regular testing should be part of the development lifecycle
Always ensure you have proper authorization before testing any web application!
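Review bot: the manual tests in Exercise 3 depend on DVWA's "DVWA Security" level, which is not mentioned anywhere in the setup; at the default level several of the listed payloads will simply fail, so Lab Environment Setup (step 2) should tell students which level to select before they start. Similarly, the active scan in Exercise 2 is launched after "Log in with default credentials" in Exercise 1 but nothing tells students to keep the ZAP session authenticated (or to define a context with the login), so an unconfigured scan only exercises the login page; add a step for that. Minor: the directory traversal block at Exercise 4, Step 1 is the only untagged fence; tag it `text` for consistency with the `sql` and `html` blocks.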


@@ -0,0 +1,364 @@
---
title: "Lab 3: Digital Forensics and Incident Response"
description: "Learn digital forensics techniques to investigate security incidents and analyze evidence"
difficulty: "Advanced"
duration: "120 minutes"
prerequisites: "Understanding of file systems, basic scripting, and incident response procedures"
tags: ["forensics", "incident response", "evidence analysis", "volatility", "disk imaging"]
---
## Objectives
By the end of this lab, you will be able to:
- Create forensically sound disk images
- Analyze volatile memory dumps for indicators of compromise
- Extract and examine digital artifacts from compromised systems
- Document findings following proper chain of custody procedures
- Use industry-standard forensics tools and techniques
## Prerequisites
- Understanding of file systems (NTFS, FAT, ext4)
- Basic knowledge of Windows and Linux operating systems
- Familiarity with command-line tools
- Understanding of incident response procedures
## Lab Environment Setup
1. **Forensics Workstation**
- Kali Linux or SIFT (SANS Investigative Forensics Toolkit)
- Volatility Framework
- Autopsy or Sleuth Kit
- dc3dd or dd for imaging
2. **Evidence Files**
- Sample memory dump (provided)
- Disk image of compromised system
- Network packet captures (PCAP files)
3. **Documentation Tools**
- Case management system or documentation template
- Hash verification tools (md5sum, sha256sum)
## Exercise 1: Memory Analysis
### Step 1: Memory Dump Analysis Setup
1. **Install Volatility**
```bash
git clone https://github.com/volatilityfoundation/volatility.git
cd volatility
python setup.py install
```
2. **Verify Memory Dump**
```bash
# Calculate hash for chain of custody
sha256sum memory_dump.vmem
# Identify the memory dump profile
python vol.py -f memory_dump.vmem imageinfo
```
### Step 2: Process Analysis
Analyze running processes in the memory dump:
```bash
# List all processes
python vol.py -f memory_dump.vmem --profile=Win7SP1x64 pslist
# Show process tree
python vol.py -f memory_dump.vmem --profile=Win7SP1x64 pstree
# Find hidden processes
python vol.py -f memory_dump.vmem --profile=Win7SP1x64 psxview
```
**Questions:**
1. What suspicious processes are running?
2. Are there any processes that seem out of place?
3. Which processes are hidden from normal detection?
### Step 3: Network Connections
Examine network activity:
```bash
# Show network connections
python vol.py -f memory_dump.vmem --profile=Win7SP1x64 netscan
# Display network statistics
python vol.py -f memory_dump.vmem --profile=Win7SP1x64 netstat
```
**Questions:**
1. What external connections were established?
2. Are there any suspicious IP addresses or ports?
3. Which processes initiated network connections?
### Step 4: Malware Detection
Look for indicators of malware:
```bash
# Scan for malware
python vol.py -f memory_dump.vmem --profile=Win7SP1x64 malfind
# Check for code injection
python vol.py -f memory_dump.vmem --profile=Win7SP1x64 hollowfind
# Examine suspicious processes
python vol.py -f memory_dump.vmem --profile=Win7SP1x64 procdump -p [PID] -D output/
```
**Questions:**
1. What malware indicators were found?
2. Which processes show signs of code injection?
3. Can you extract malware samples for further analysis?
## Exercise 2: Disk Forensics
### Step 1: Creating Forensic Images
Create a forensically sound image of the evidence disk:
```bash
# Create disk image with verification
dc3dd if=/dev/sdb of=evidence_disk.img hash=sha256 log=imaging.log
# Alternative with dd
dd if=/dev/sdb of=evidence_disk.img bs=4096 conv=noerror,sync
sha256sum evidence_disk.img > evidence_disk.img.sha256
```
### Step 2: File System Analysis
Mount and analyze the disk image:
```bash
# Mount as read-only
mkdir /mnt/evidence
mount -o ro,loop evidence_disk.img /mnt/evidence
# Analyze with Sleuth Kit
fls -r evidence_disk.img > file_listing.txt
mactime -b file_listing.txt > timeline.txt
```
**Questions:**
1. What file systems are present on the disk?
2. When was the system last accessed?
3. Are there any deleted files of interest?
### Step 3: Artifact Recovery
Search for specific artifacts:
```bash
# Search for specific files
grep -r "password" /mnt/evidence/
find /mnt/evidence -name "*.log" -type f
# Extract browser history
firefox_history_extractor.py /mnt/evidence/Users/*/AppData/
# Examine registry files (Windows)
regripper -r /mnt/evidence/Windows/System32/config/SOFTWARE -p software
```
**Questions:**
1. What user activity artifacts were found?
2. Are there any credentials or sensitive data?
3. What applications were recently used?
## Exercise 3: Timeline Analysis
### Step 1: Create System Timeline
Generate a comprehensive timeline:
```bash
# Create super timeline with log2timeline
log2timeline.py --storage-file timeline.plaso evidence_disk.img
# Convert to readable format
psort.py -o dynamic timeline.plaso > system_timeline.csv
```
### Step 2: Timeline Filtering
Filter timeline for relevant events:
```bash
# Filter by date range
psort.py -o dynamic --slice "2023-01-01,2023-01-31" timeline.plaso
# Filter by keywords
psort.py -o dynamic --strings malware timeline.plaso
```
**Questions:**
1. What significant events occurred during the incident timeframe?
2. Can you identify the initial compromise vector?
3. What actions did the attacker take on the system?
## Exercise 4: Network Forensics
### Step 1: PCAP Analysis
Analyze network traffic captures:
```bash
# Basic statistics
capinfos capture.pcap
# Examine protocols
tshark -r capture.pcap -q -z io,phs
# Extract HTTP traffic
tshark -r capture.pcap -Y "http" -T fields -e http.host -e http.uri
```
### Step 2: Suspicious Traffic Detection
Look for indicators of compromise in network traffic:
```bash
# Search for suspicious domains
tshark -r capture.pcap -Y "dns" -T fields -e dns.qry.name | sort | uniq
# Examine file transfers
tshark -r capture.pcap -Y "ftp-data" --export-objects ftp,extracted_files/
```
**Questions:**
1. What suspicious network activity was detected?
2. Were any files transferred during the incident?
3. Can you identify command and control traffic?
## Exercise 5: Report Generation
### Step 1: Evidence Documentation
Create proper documentation:
1. **Chain of Custody Form**
- Date and time of acquisition
- Hash values for verification
- Personnel involved
- Storage location
2. **Technical Analysis Report**
- Executive summary
- Methodology used
- Key findings
- Supporting evidence
### Step 2: Indicators of Compromise (IOCs)
Document IOCs for threat intelligence:
- File hashes (MD5, SHA-1, SHA-256)
- IP addresses and domains
- Registry keys
- File paths
- Network signatures
## Case Study: Putting It All Together
### Scenario
A company reports that their web server has been compromised. You have been provided with:
- Memory dump from the server
- Disk image of the web server
- Network traffic logs
- System event logs
### Investigation Steps
1. **Initial Triage**
- Verify evidence integrity
- Identify the scope of compromise
- Preserve volatile data
2. **Deep Analysis**
- Memory analysis for running threats
- Disk forensics for persistence mechanisms
- Timeline reconstruction
- Network analysis for data exfiltration
3. **Reporting**
- Document all findings
- Provide remediation recommendations
- Create IOCs for monitoring
## Advanced Challenges
1. **Encrypted Evidence**: Analyze encrypted disk images
2. **Anti-Forensics**: Investigate systems with anti-forensics tools
3. **Mobile Forensics**: Extend techniques to mobile devices
4. **Cloud Forensics**: Analyze cloud-based incidents
## Tools Reference
### Memory Analysis
- Volatility Framework
- Rekall
- WinDbg
### Disk Forensics
- Autopsy
- Sleuth Kit
- EnCase
- FTK
### Network Forensics
- Wireshark
- NetworkMiner
- Moloch
### Reporting
- CaseFile
- Maltego
- Custom scripts
## Best Practices
1. **Evidence Handling**
- Always work with copies
- Maintain chain of custody
- Document everything
- Use write-blockers for physical media
2. **Analysis Methodology**
- Follow established procedures
- Use multiple tools for verification
- Document all steps taken
- Preserve original evidence
3. **Reporting**
- Use clear, non-technical language for executives
- Include technical details for IT teams
- Provide actionable recommendations
- Support findings with evidence
## Resources
- [SANS Digital Forensics and Incident Response](https://www.sans.org/cyber-security-courses/digital-forensics-incident-response/)
- [Volatility Documentation](https://github.com/volatilityfoundation/volatility/wiki)
- [Sleuth Kit Documentation](http://www.sleuthkit.org/sleuthkit/docs.php)
- [NIST Computer Forensics Guidelines](https://csrc.nist.gov/publications/detail/sp/800-86/final)
## Conclusion
This lab provided comprehensive experience in digital forensics and incident response. You learned to analyze memory dumps, perform disk forensics, create timelines, and document findings properly. These skills are essential for investigating security incidents and providing evidence for legal proceedings.
Key takeaways:
- Proper evidence handling is crucial for legal admissibility
- Multiple analysis techniques provide comprehensive understanding
- Timeline analysis helps reconstruct incident sequences
- Documentation must be thorough and accurate
- Continuous learning is essential as attack techniques evolve
Always ensure you have proper authorization and follow legal requirements when conducting forensic investigations!
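Review bot: Exercise 1 installs Volatility 2 from `volatilityfoundation/volatility`, which is Python 2 only and no longer maintained, so `python setup.py install` will not work on a current Kali or SIFT image; either pin to a Python 2 environment explicitly or port the steps to Volatility 3 (`vol -f memory_dump.vmem windows.pslist`, no `--profile` needed). Within the Volatility 2 commands, `netstat` (Step 3) is not a Volatility 2 plugin name (`netscan`/`connscan` are) and `hollowfind` (Step 4) is a community plugin, not part of the repository cloned above. In Exercise 2, `firefox_history_extractor.py` (Step 3) is not a known tool and should be replaced with a real one or marked as a placeholder, and `mount -o ro,loop evidence_disk.img` (Step 2) assumes a bare filesystem image; a whole-disk image needs an `offset=` for the partition, and ext3/ext4 images should add `noload` so the journal is not replayed on the evidence copy.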

49
_layouts/default.html Normal file

@@ -0,0 +1,49 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>{% if page.title %}{{ page.title | escape }} | {% endif %}{{ site.title | escape }}</title>
<meta name="description" content="{{ page.description | default: site.description | strip_html | normalize_whitespace | truncate: 160 | escape }}">
<link rel="stylesheet" href="{{ '/assets/css/main.css' | relative_url }}">
<link rel="canonical" href="{{ page.url | replace:'index.html','' | absolute_url }}">
{% if site.plugins contains 'jekyll-feed' %}
<link type="application/atom+xml" rel="alternate" href="{{ '/feed.xml' | relative_url }}" title="{{ site.title | escape }}" />
{% endif %}
</head>
<body>
<header class="site-header">
<div class="wrapper">
<a class="site-title" href="{{ '/' | relative_url }}">{{ site.title | escape }}</a>
<nav class="site-nav">
<span class="menu-icon"></span>
<div class="trigger">
<a class="page-link" href="{{ '/' | relative_url }}">Home</a>
<a class="page-link" href="https://github.com/{{ site.github.repository_name }}" target="_blank">GitHub</a>
</div>
</nav>
</div>
</header>
<main class="page-content">
<div class="wrapper">
{{ content }}
</div>
</main>
<footer class="site-footer">
<div class="wrapper">
<p class="footer-text">
© 2024 {{ site.title | escape }}.
<a href="https://github.com/cliffe/{{ site.github.repository_name }}">View on GitHub</a>
</p>
</div>
</footer>
</body>
</html>
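Review bot: the nav link `https://github.com/{{ site.github.repository_name }}` is missing the owner segment and resolves to `https://github.com/HacktivityLabSheets`, while the footer uses `https://github.com/cliffe/{{ site.github.repository_name }}`; make both read from one value rather than hard-coding the owner in one place and omitting it in the other. The nav anchor also uses `target="_blank"` without `rel="noopener noreferrer"`, and the footer year is a literal `2024` in a commit dated 2025; `{{ site.time | date: "%Y" }}` keeps it current.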

148
_layouts/lab.html Normal file

@@ -0,0 +1,148 @@
---
layout: default
---
<article class="lab-content">
<header class="lab-header">
<h1>{{ page.title }}</h1>
{% if page.description %}
<p class="lab-description">{{ page.description }}</p>
{% endif %}
<div class="lab-metadata">
{% if page.difficulty %}
<div class="metadata-item">
<strong>Difficulty:</strong> {{ page.difficulty }}
</div>
{% endif %}
{% if page.duration %}
<div class="metadata-item">
<strong>Estimated Duration:</strong> {{ page.duration }}
</div>
{% endif %}
{% if page.prerequisites %}
<div class="metadata-item">
<strong>Prerequisites:</strong> {{ page.prerequisites }}
</div>
{% endif %}
{% if page.tags %}
<div class="metadata-item">
<strong>Tags:</strong>
{% for tag in page.tags %}
<span class="tag">{{ tag }}</span>
{% endfor %}
</div>
{% endif %}
</div>
</header>
<div class="lab-content-body">
{{ content }}
</div>
<footer class="lab-footer">
<a href="{{ '/' | relative_url }}" class="back-link">← Back to Lab Index</a>
</footer>
</article>
<style>
.lab-content {
max-width: 800px;
margin: 0 auto;
padding: 2rem;
}
.lab-header {
border-bottom: 2px solid #e1e4e8;
padding-bottom: 1.5rem;
margin-bottom: 2rem;
}
.lab-header h1 {
margin-bottom: 0.5rem;
}
.lab-description {
font-size: 1.125rem;
color: #586069;
margin-bottom: 1rem;
}
.lab-metadata {
display: grid;
gap: 0.5rem;
background-color: #f8f9fa;
padding: 1rem;
border-radius: 6px;
border: 1px solid #e1e4e8;
}
.metadata-item {
font-size: 0.875rem;
}
.metadata-item strong {
color: #24292e;
}
.tag {
background-color: #f1f8ff;
color: #0366d6;
padding: 0.125rem 0.5rem;
border-radius: 12px;
font-size: 0.75rem;
border: 1px solid #c8e1ff;
margin-left: 0.25rem;
}
.lab-content-body {
line-height: 1.6;
}
.lab-content-body h2 {
border-bottom: 1px solid #e1e4e8;
padding-bottom: 0.3rem;
margin-top: 2rem;
margin-bottom: 1rem;
}
.lab-content-body h3 {
margin-top: 1.5rem;
margin-bottom: 0.75rem;
}
.lab-content-body code {
background-color: #f6f8fa;
padding: 0.125rem 0.25rem;
border-radius: 3px;
font-size: 0.875rem;
}
.lab-content-body pre {
background-color: #f6f8fa;
padding: 1rem;
border-radius: 6px;
overflow-x: auto;
}
.lab-content-body pre code {
background-color: transparent;
padding: 0;
}
.lab-footer {
margin-top: 3rem;
padding-top: 1.5rem;
border-top: 1px solid #e1e4e8;
}
.back-link {
color: #0366d6;
text-decoration: none;
font-weight: 500;
}
.back-link:hover {
text-decoration: underline;
}
</style>
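Review bot: `{{ page.title }}`, `{{ page.description }}`, `{{ page.prerequisites }}` and each `{{ tag }}` are emitted unescaped, whereas `default.html` applies `| escape` to the same front-matter fields; the lab index accepts contributor-supplied front matter, so apply `| escape` here as well. The inline `<style>` block also repeats the `code`, `pre` and `pre code` rules that `assets/css/main.scss` already defines; moving the lab-specific rules into that stylesheet avoids two places to keep in sync.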

207
assets/css/main.scss Normal file

@@ -0,0 +1,207 @@
---
---
/* Base styles */
* {
box-sizing: border-box;
}
body {
font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', 'Roboto', 'Oxygen', 'Ubuntu', Cantarell, 'Fira Sans', 'Droid Sans', 'Helvetica Neue', sans-serif;
line-height: 1.6;
color: #24292e;
background-color: #ffffff;
margin: 0;
padding: 0;
}
.wrapper {
max-width: 1200px;
margin: 0 auto;
padding: 0 2rem;
}
/* Header */
.site-header {
background-color: #f8f9fa;
border-bottom: 1px solid #e1e4e8;
padding: 1rem 0;
}
.site-title {
font-size: 1.5rem;
font-weight: 600;
color: #0366d6;
text-decoration: none;
float: left;
}
.site-title:hover {
text-decoration: underline;
}
.site-nav {
float: right;
margin-top: 0.25rem;
}
.site-nav .menu-icon {
display: none;
}
.site-nav .page-link {
color: #586069;
text-decoration: none;
margin-left: 1.5rem;
font-weight: 500;
}
.site-nav .page-link:hover {
color: #0366d6;
text-decoration: underline;
}
/* Main content */
.page-content {
padding: 2rem 0;
min-height: calc(100vh - 200px);
}
/* Typography */
h1, h2, h3, h4, h5, h6 {
margin-top: 2rem;
margin-bottom: 1rem;
font-weight: 600;
line-height: 1.25;
}
h1 {
font-size: 2rem;
border-bottom: 1px solid #e1e4e8;
padding-bottom: 0.3rem;
}
h2 {
font-size: 1.5rem;
border-bottom: 1px solid #e1e4e8;
padding-bottom: 0.3rem;
}
h3 {
font-size: 1.25rem;
}
p {
margin-bottom: 1rem;
}
/* Links */
a {
color: #0366d6;
text-decoration: none;
}
a:hover {
text-decoration: underline;
}
/* Code */
code {
background-color: #f6f8fa;
color: #24292e;
padding: 0.125rem 0.25rem;
border-radius: 3px;
font-size: 0.875rem;
font-family: 'SFMono-Regular', Consolas, 'Liberation Mono', Menlo, monospace;
}
pre {
background-color: #f6f8fa;
color: #24292e;
padding: 1rem;
border-radius: 6px;
overflow-x: auto;
font-family: 'SFMono-Regular', Consolas, 'Liberation Mono', Menlo, monospace;
font-size: 0.875rem;
line-height: 1.45;
}
pre code {
background-color: transparent;
padding: 0;
border-radius: 0;
}
/* Lists */
ul, ol {
margin-bottom: 1rem;
padding-left: 2rem;
}
li {
margin-bottom: 0.25rem;
}
/* Tables */
table {
border-collapse: collapse;
width: 100%;
margin-bottom: 1rem;
}
th, td {
border: 1px solid #e1e4e8;
padding: 0.5rem;
text-align: left;
}
th {
background-color: #f6f8fa;
font-weight: 600;
}
/* Footer */
.site-footer {
background-color: #f8f9fa;
border-top: 1px solid #e1e4e8;
padding: 2rem 0;
text-align: center;
}
.footer-text {
color: #586069;
font-size: 0.875rem;
}
.footer-text a {
color: #0366d6;
}
/* Clearfix */
.site-header::after {
content: "";
display: table;
clear: both;
}
/* Responsive */
@media (max-width: 768px) {
.wrapper {
padding: 0 1rem;
}
.site-title {
float: none;
display: block;
margin-bottom: 1rem;
}
.site-nav {
float: none;
}
.site-nav .page-link {
margin-left: 0;
margin-right: 1rem;
}
}
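Review bot: `.site-nav .menu-icon { display: none; }` hides a menu icon, but nothing in the `@media (max-width: 768px)` block at the end ever shows it, so on narrow screens the nav simply un-floats and lists every `.page-link` inline; either reveal `.menu-icon` inside that media query and collapse the links, or delete the rule as dead CSS. Smaller points: `pre` and `code` both set the same `font-family` and `font-size: 0.875rem`, and `h1` and `h2` both carry the identical `border-bottom: 1px solid #e1e4e8; padding-bottom: 0.3rem;`, so a `pre, code { ... }` group and an `h1, h2 { ... }` group would shorten the file; and `min-height: calc(100vh - 200px)` on `.page-content` hard-codes the combined header and footer height, which will leave a gap or an unnecessary scrollbar as soon as their padding changes.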

129
index.md Normal file

@@ -0,0 +1,129 @@
---
layout: default
title: Hacktivity Lab Sheets
---
# Hacktivity Lab Sheets
Welcome to the Hacktivity SecGen lab sheets repository. This site contains hands-on cybersecurity lab exercises designed for educational purposes.
## Available Labs
{% if site.labs.size > 0 %}
<div class="lab-list">
{% for lab in site.labs %}
<div class="lab-item">
<h3><a href="{{ lab.url | relative_url }}">{{ lab.title }}</a></h3>
<p class="lab-description">{{ lab.description | default: lab.excerpt }}</p>
<div class="lab-meta">
{% if lab.difficulty %}
<span class="difficulty">Difficulty: {{ lab.difficulty }}</span>
{% endif %}
{% if lab.duration %}
<span class="duration">Duration: {{ lab.duration }}</span>
{% endif %}
{% if lab.tags %}
<div class="tags">
{% for tag in lab.tags %}
<span class="tag">{{ tag }}</span>
{% endfor %}
</div>
{% endif %}
</div>
</div>
{% endfor %}
</div>
{% else %}
<div class="no-labs">
<p>No labs are currently available. Labs will be added as they are developed.</p>
<p>Check back soon for new cybersecurity lab exercises!</p>
</div>
{% endif %}
## About
These lab sheets are designed to work with SecGen (Security Scenario Generator) and provide practical, hands-on experience with various cybersecurity concepts and techniques.
### How to Use
1. Browse the available labs above
2. Click on a lab title to view the detailed instructions
3. Follow the setup and execution steps provided in each lab
4. Complete the challenges and questions included in each exercise
### Contributing
If you'd like to contribute new labs or improvements to existing ones, please see the repository's contribution guidelines.
<style>
.lab-list {
margin: 2rem 0;
}
.lab-item {
border: 1px solid #e1e4e8;
border-radius: 6px;
padding: 1.5rem;
margin-bottom: 1rem;
background-color: #f8f9fa;
}
.lab-item h3 {
margin-top: 0;
margin-bottom: 0.5rem;
}
.lab-item h3 a {
text-decoration: none;
color: #0366d6;
}
.lab-item h3 a:hover {
text-decoration: underline;
}
.lab-description {
margin-bottom: 1rem;
color: #586069;
}
.lab-meta {
display: flex;
flex-wrap: wrap;
gap: 1rem;
font-size: 0.875rem;
}
.difficulty, .duration {
color: #586069;
font-weight: 500;
}
.tags {
display: flex;
gap: 0.25rem;
}
.tag {
background-color: #f1f8ff;
color: #0366d6;
padding: 0.125rem 0.5rem;
border-radius: 12px;
font-size: 0.75rem;
border: 1px solid #c8e1ff;
}
.no-labs {
text-align: center;
padding: 2rem;
background-color: #f8f9fa;
border: 1px solid #e1e4e8;
border-radius: 6px;
margin: 2rem 0;
}
.no-labs p {
margin: 0.5rem 0;
color: #586069;
}
</style>
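Review bot: the Liquid loop prints front-matter values straight into HTML with no escaping: `{{ lab.title }}`, `{{ lab.difficulty }}`, `{{ lab.duration }}` and `{{ tag }}`. The page itself invites outside contributions (the "Contributing" section), so a contributed lab's front matter would be rendered as markup in the index; pipe each value through Jekyll's `escape` filter, e.g. `{{ lab.title | escape }}` and `{{ tag | escape }}`. For `{{ lab.description | default: lab.excerpt }}`, note that a document's `excerpt` is already rendered HTML that typically starts with `<p>`, so wrapping it in `<p class="lab-description">` produces nested paragraphs; `{{ lab.description | default: lab.excerpt | strip_html }}` avoids both that and the unescaped-output problem. Finally, `site.labs` only exists when `_config.yml` declares the collection (`collections: labs: output: true`); that file is not in this hunk, so confirm it is elsewhere in the commit, otherwise the index will always render the "No labs are currently available" branch even with labs present.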