This commit is contained in:
Z. Cliffe Schreuders
2021-04-23 09:30:07 +01:00
17 changed files with 188 additions and 9 deletions


@@ -9,6 +9,7 @@
forge "https://forgeapi.puppetlabs.com"
mod 'puppetlabs-stdlib', '4.24.0' # stdlib enables parsejson() in manifests and other useful functions
mod 'puppetlabs-apt', '7.4.0' # pin apt to 7.4.0 as current version is incompatible with our base boxes
mod 'SecGen-secgen_functions', :path => '<%= SECGEN_FUNCTIONS_PUPPET_DIR %>'
<% @currently_processing_system.module_selections.each do |selected_module| -%>
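Review bot: The pin comment on the `puppetlabs-apt` line records that the "current version" is incompatible but not which release or what breaks, so nobody can later tell when the pin is safe to lift. Suggest naming the failing release and symptom, e.g. `mod 'puppetlabs-apt', '7.4.0' # pin: puppetlabs-apt <FIRST_BROKEN_VERSION> fails on our base boxes (<symptom>); re-test when the boxes are rebuilt`. The hunk header counts seven new lines but only five are visible here, so the rendered hunk appears to have lost some lines.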


@@ -12,6 +12,33 @@
<type>lab-sheet</type>
<difficulty>intermediate</difficulty>
<CyBOK KA="AAA" topic="Authorisation">
<keyword>access control</keyword>
<keyword>enforcing access control</keyword>
<keyword>ACCESS CONTROL - DAC (DISCRETIONARY ACCESS CONTROL)</keyword>
<keyword>Vulnerabilities and attacks on access control misconfigurations</keyword>
</CyBOK>
<CyBOK KA="MAT" topic="MALCODE/MALWARE">
<keyword>trojan</keyword>
<keyword>backdoor</keyword>
<keyword>TROJANS - BACKDOOR</keyword>
</CyBOK>
<CyBOK KA="OSVS" topic="Primitives for Isolation and Mediation">
<keyword>Access controls and operating systems</keyword>
<keyword>Linux security model</keyword>
<keyword>Unix File Permissions</keyword>
<keyword>filesystems, inodes, and commands</keyword>
<keyword>umask</keyword>
</CyBOK>
<CyBOK KA="OSVS" topic="Primitives for Isolation and Mediation">
<keyword>Access controls and operating systems</keyword>
<keyword>Linux security model</keyword>
<keyword>Linux Extended Access Control Lists (facl)</keyword>
</CyBOK>
<CyBOK KA="OSVS" topic="Role of Operating Systems">
<keyword>mediation</keyword>
</CyBOK>
<system>
<system_name>desktop</system_name>
<base distro="Debian 9" type="desktop" name="KDE"/>
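Review bot: The two `<CyBOK KA="OSVS" topic="Primitives for Isolation and Mediation">` elements in this block repeat the keywords `Access controls and operating systems` and `Linux security model`; a single element listing `Unix File Permissions`, `filesystems, inodes, and commands`, `umask` and `Linux Extended Access Control Lists (facl)` together would carry the same information without duplicating the topic. Keyword casing is also mixed inside one element (`access control` next to `ACCESS CONTROL - DAC (DISCRETIONARY ACCESS CONTROL)`), which will matter if these keywords are ever matched by exact string. The identical block is added again in the next file section, so the same applies there.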


@@ -12,6 +12,33 @@
<type>lab-sheet</type>
<difficulty>intermediate</difficulty>
<CyBOK KA="AAA" topic="Authorisation">
<keyword>access control</keyword>
<keyword>enforcing access control</keyword>
<keyword>ACCESS CONTROL - DAC (DISCRETIONARY ACCESS CONTROL)</keyword>
<keyword>Vulnerabilities and attacks on access control misconfigurations</keyword>
</CyBOK>
<CyBOK KA="MAT" topic="MALCODE/MALWARE">
<keyword>trojan</keyword>
<keyword>backdoor</keyword>
<keyword>TROJANS - BACKDOOR</keyword>
</CyBOK>
<CyBOK KA="OSVS" topic="Primitives for Isolation and Mediation">
<keyword>Access controls and operating systems</keyword>
<keyword>Linux security model</keyword>
<keyword>Unix File Permissions</keyword>
<keyword>filesystems, inodes, and commands</keyword>
<keyword>umask</keyword>
</CyBOK>
<CyBOK KA="OSVS" topic="Primitives for Isolation and Mediation">
<keyword>Access controls and operating systems</keyword>
<keyword>Linux security model</keyword>
<keyword>Linux Extended Access Control Lists (facl)</keyword>
</CyBOK>
<CyBOK KA="OSVS" topic="Role of Operating Systems">
<keyword>mediation</keyword>
</CyBOK>
<system>
<system_name>desktop</system_name>
<base distro="Debian 9" type="desktop" name="KDE"/>


@@ -12,6 +12,18 @@
<type>lab-sheet</type>
<difficulty>intermediate</difficulty>
<CyBOK KA="NS" topic="Network Protocols and Vulnerability">
<keyword>ADDRESS RESOLUTION PROTOCOL(ARP)</keyword>
<keyword>ARP (ADDRESS RESOLUTION PROTOCOL)</keyword>
<keyword>ARP SPOOFING</keyword>
<keyword>MITM (MAN-IN-THE-MIDDLE ATTACK)</keyword>
<keyword>MAN-IN-THE-MIDDLE ATTACK (MITM)</keyword>
<keyword>ATTACK(S) - ARP</keyword>
</CyBOK>
<CyBOK KA="SOIM" topic="Monitor: Data Sources">
<keyword>network traffic</keyword>
</CyBOK>
<system>
<system_name>desktop</system_name>
<base distro="Debian 9" type="desktop" name="KDE"/>
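Review bot: The `NS` element lists the same two concepts twice with the words reordered — `ADDRESS RESOLUTION PROTOCOL(ARP)` / `ARP (ADDRESS RESOLUTION PROTOCOL)` and `MITM (MAN-IN-THE-MIDDLE ATTACK)` / `MAN-IN-THE-MIDDLE ATTACK (MITM)` — and the first of them is missing the space before `(ARP)`. If both spellings are deliberate aliases for keyword search this is fine; otherwise one of each pair can be dropped and the spacing fixed to `ADDRESS RESOLUTION PROTOCOL (ARP)`.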


@@ -12,6 +12,17 @@
<type>lab-sheet</type>
<difficulty>intermediate</difficulty>
<CyBOK KA="SOIM" topic="Execute: Mitigation and Countermeasures">
<keyword>Recover data and services after an incident</keyword>
<keyword>BACKUP - DIFFERENTIAL</keyword>
<keyword>BACKUP - INFERENTIAL</keyword>
</CyBOK>
<CyBOK KA="SOIM" topic="INCIDENT RESPONSE">
<keyword>RECOVERY - BACKUPS</keyword>
<keyword>RECOVERY</keyword>
<keyword>BACKUPS</keyword>
</CyBOK>
<system>
<system_name>desktop</system_name>
<base distro="Debian 9" type="desktop" name="KDE"/>
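Review bot: `BACKUP - INFERENTIAL` does not name a backup strategy I recognise; next to `BACKUP - DIFFERENTIAL` it reads like a typo for the incremental type, so the keyword should be checked against the CyBOK keyword list before it is used for indexing. The topic names in this block also mix styles (`Execute: Mitigation and Countermeasures` versus `INCIDENT RESPONSE`), whereas the other sections in this commit use sentence-case topic names. The same block is added in the following file section, so both copies need the fix.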


@@ -12,6 +12,17 @@
<type>lab-sheet</type>
<difficulty>intermediate</difficulty>
<CyBOK KA="SOIM" topic="Execute: Mitigation and Countermeasures">
<keyword>Recover data and services after an incident</keyword>
<keyword>BACKUP - DIFFERENTIAL</keyword>
<keyword>BACKUP - INFERENTIAL</keyword>
</CyBOK>
<CyBOK KA="SOIM" topic="INCIDENT RESPONSE">
<keyword>RECOVERY - BACKUPS</keyword>
<keyword>RECOVERY</keyword>
<keyword>BACKUPS</keyword>
</CyBOK>
<system>
<system_name>desktop</system_name>
<base distro="Debian 9" type="desktop" name="KDE"/>


@@ -12,6 +12,21 @@
<type>lab-sheet</type>
<difficulty>intermediate</difficulty>
<CyBOK KA="SS" topic="Categories of Vulnerabilities">
<keyword>memory management vulnerabilities</keyword>
<keyword>Stack smashing buffer overflows</keyword>
</CyBOK>
<CyBOK KA="MAT" topic="Attacks and exploitation">
<keyword>EXPLOITATION</keyword>
<keyword>EXPLOITATION FRAMEWORKS</keyword>
<keyword>Exploit development</keyword>
<keyword>Metasploit Framework development</keyword>
</CyBOK>
<CyBOK KA="SS" topic="Mitigating Exploitation">
<keyword>ASLR (ADDRESS SPACE LAYOUT RANDOMIZATION)</keyword>
<keyword>NON-EXECUTABLE MEMORY</keyword>
</CyBOK>
<system>
<system_name>desktop</system_name>
<base distro="Debian 9" type="desktop" name="KDE"/>


@@ -12,6 +12,14 @@
<type>lab-sheet</type>
<difficulty>intermediate</difficulty>
<CyBOK KA="OSVS" topic="Primitives for Isolation and Mediation">
<keyword>capabilities</keyword>
<keyword>Rule-based controls: Course grained: Linux capabilities</keyword>
</CyBOK>
<CyBOK KA="SOIM" topic="Monitor: Data Sources">
<keyword>network traffic</keyword>
</CyBOK>
<system>
<system_name>desktop</system_name>
<base distro="Debian 9" type="desktop" name="KDE"/>
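Review bot: `Course grained` in the capabilities keyword should read `Coarse grained`, i.e. `<keyword>Rule-based controls: Coarse grained: Linux capabilities</keyword>`. The second element tags this scenario with `network traffic` under `Monitor: Data Sources`, which has no obvious connection to Linux capabilities; it may be a carry-over from another scenario's metadata and is worth confirming against the lab content.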


@@ -12,6 +12,12 @@
<type>lab-sheet</type>
<difficulty>intermediate</difficulty>
<CyBOK KA="SOIM" topic="Monitor: Data Sources">
<keyword>application logs: web server logs and files</keyword>
<keyword>system and kernel logs</keyword>
<keyword>Syslog</keyword>
</CyBOK>
<system>
<system_name>desktop</system_name>
<base distro="Debian 9" type="desktop" name="KDE"/>


@@ -12,6 +12,12 @@
<type>lab-sheet</type>
<difficulty>intermediate</difficulty>
<CyBOK KA="SOIM" topic="Monitor: Data Sources">
<keyword>application logs: web server logs and files</keyword>
<keyword>system and kernel logs</keyword>
<keyword>Syslog</keyword>
</CyBOK>
<system>
<system_name>desktop</system_name>
<base distro="Debian 9" type="desktop" name="KDE"/>


@@ -12,6 +12,13 @@
<type>lab-sheet</type>
<difficulty>intermediate</difficulty>
<!--TODO-->
<CyBOK KA="SOIM" topic="Monitor: Data Sources">
<keyword>application logs: web server logs and files</keyword>
<keyword>system and kernel logs</keyword>
<keyword>Syslog</keyword>
</CyBOK>
<system>
<system_name>desktop</system_name>
<base distro="Debian 9" type="desktop" name="KDE"/>
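Review bot: The `<!--TODO-->` comment added above the CyBOK block says nothing about what is outstanding, so it will not be actionable once this commit is out of mind. The element beneath it is identical to the one added in the two preceding file sections, so the open question is presumably whether that mapping fits this lab; say so, e.g. `<!--TODO: CyBOK mapping copied from the syslog scenarios; confirm the keywords fit this lab-->`, or drop the comment if the mapping is already final.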


@@ -12,6 +12,18 @@
<type>lab-sheet</type>
<difficulty>intermediate</difficulty>
<CyBOK KA="NS" topic="Network Defence Tools">
<keyword>packet filters</keyword>
<keyword>intrusion detection systems</keyword>
<keyword>intrusion prevention systems</keyword>
</CyBOK>
<CyBOK KA="SOIM" topic="Execute: Mitigation and Countermeasures">
<keyword>intrusion prevention systems</keyword>
</CyBOK>
<CyBOK KA="SOIM" topic="CM (CONFIGURATION MANAGEMENT)">
<keyword>SSH (SECURE SHELL)</keyword>
</CyBOK>
<system>
<system_name>desktop</system_name>
<base distro="Debian 9" type="desktop" name="KDE"/>


@@ -12,6 +12,10 @@
<type>lab-sheet</type>
<difficulty>intermediate</difficulty>
<CyBOK KA="NS" topic="Network Defence Tools">
<keyword>DEMILITARISED ZONE (DMZ)</keyword>
</CyBOK>
<system>
<system_name>desktop</system_name>
<base distro="Debian 9" type="desktop" name="KDE"/>


@@ -12,6 +12,10 @@
<type>lab-sheet</type>
<difficulty>intermediate</difficulty>
<CyBOK KA="NS" topic="Network Defence Tools">
<keyword>DEMILITARISED ZONE (DMZ)</keyword>
</CyBOK>
<system>
<system_name>desktop</system_name>
<base distro="Debian 9" type="desktop" name="KDE"/>


@@ -1,8 +1,8 @@
<?xml version="1.0"?>
<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
<name>Labtainers lab: file-deletion</name>
<author>Z. Cliffe Schreuders</author>
@@ -12,6 +12,11 @@
<type>lab-sheet</type>
<difficulty>intermediate</difficulty>
<CyBOK KA="F" topic="Operating System Analysis">
<keyword>storage forensics</keyword>
<keyword>data recovery and file content carving</keyword>
</CyBOK>
<system>
<system_name>desktop</system_name>
<base distro="Debian 9" type="desktop" name="KDE"/>
@@ -37,8 +42,8 @@
<value>true</value>
</input>
<input into="groups">
<value>docker</value>
</input>
<value>docker</value>
</input>
<input into="leaked_filenames">
<value></value>
</input>
@@ -53,11 +58,11 @@
</input>
<!--Create the groups-->
<utility module_path=".*/groups">
<input into="groups">
<value>docker</value>
</input>
</utility>
<utility module_path=".*/groups">
<input into="groups">
<value>docker</value>
</input>
</utility>
<!--Create the users-->
<utility module_path=".*/parameterised_accounts">
<input into="accounts">
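Review bot: Only the `@@ -12,6 +12,11 @@` hunk changes content here (the new `<CyBOK KA="F" topic="Operating System Analysis">` element); the hunks at `-1,8`, `-37,8` and `-53,11` show the same `xmlns:xsi`, `<value>docker</value>` and `<utility module_path=".*/groups">` text on the old and new side, which as far as the rendered view shows is whitespace-only re-indentation. Mixing that with the metadata addition makes this file's diff noisier than the other sixteen; a separate formatting commit would keep the CyBOK change isolated and easier to review.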


@@ -12,6 +12,19 @@
<type>lab-sheet</type>
<difficulty>intermediate</difficulty>
<CyBOK KA="AAA" topic="Authentication">
<keyword>access control</keyword>
<keyword>Protecting integrity</keyword>
</CyBOK>
<CyBOK KA="F" topic="Operating System Analysis">
<keyword>cryptographic hashing</keyword>
<keyword>storage forensics</keyword>
<keyword>data recovery and file content carving</keyword>
</CyBOK>
<CyBOK KA="SOIM" topic="Monitor: Data Sources">
<keyword>MONITORING - FILE INTEGRITY CHECKERS</keyword>
</CyBOK>
<system>
<system_name>desktop</system_name>
<base distro="Debian 9" type="desktop" name="KDE"/>
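Review bot: `access control` is filed under `KA="AAA" topic="Authentication"` here, while the same keyword sits under `topic="Authorisation"` in the earlier scenario sections of this commit; access control is an authorisation concept, so the topic attribute on this element looks wrong. Suggest `<CyBOK KA="AAA" topic="Authorisation">` for that element (or moving `access control` out of it) so the mapping stays consistent across the scenarios.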


@@ -12,6 +12,16 @@
<type>lab-sheet</type>
<difficulty>intermediate</difficulty>
<CyBOK KA="MAT" topic="Attacks and exploitation">
<keyword>EXPLOITATION</keyword>
<keyword>Exploit development</keyword>
<keyword>Mitigation bypass: ASLR</keyword>
</CyBOK>
<CyBOK KA="SS" topic="Categories of Vulnerabilities">
<keyword>memory management vulnerabilities</keyword>
<keyword>Format string attacks</keyword>
</CyBOK>
<system>
<system_name>desktop</system_name>
<base distro="Debian 9" type="desktop" name="KDE"/>