digital-forensics-labs/SecGen
1
0
Fork 0
mirror of https://github.com/cliffe/SecGen.git synced 2026-02-20 13:50:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

Improve and update metadata descriptions of lab scenarios

Browse Source
This commit is contained in:
Z. Cliffe Schreuders
2023-11-07 23:55:15 +00:00
parent 9b44d47f32
commit 4e4ad45247
46 changed files with 324 additions and 109 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
scenarios/labs/cyber_security_landscape/3_phishing.xml
View File

@@ -7,8 +7,10 @@
<name>Let's Go Phishing</name>
<author>Z. Cliffe Schreuders</author>
<description>
# Introduction
Humans play a crucial role in the cyber security of systems and information. Many attacks target users and their mental models of cyber security systems and risk. For example, if an attacker can trick a user into performing tasks for them, the attacker can achieve their goals and gain access that they are not authorised to.
# Introduction
Humans play a crucial role in the cyber security of systems and information. Many attacks target users and their mental models of cyber security systems and risk. For example, if an attacker can trick a user into performing tasks for them, the attacker can achieve their goals and gain access that they are not authorised to. Human behavior often serves as both the first line of defense and the weakest link. This lab delves into the critical role humans play in safeguarding systems and information. It highlights the fact that even the most robust technical defenses can be compromised due to human error and deception. This lab primarily focuses on a pervasive cyber threat - phishing attacks. Phishing, an artful manipulation of human psychology, lures individuals into compromising security by tricking them into revealing sensitive information, clicking malicious links, or installing malware. Through this hands-on exercise, you will gain insights into how attackers exploit human vulnerabilities, learn the tactics used to craft convincing phishing emails, and explore techniques to create malicious attachments that can compromise a user's system.
In this lab, you will embark on a simulated cybersecurity mission within a fictitious organization. Your objective is to browse the organization's website to gather information on employees, email addresses, and their potential interests. You will then employ the tactics of engagement by sending targeted phishing emails to these individuals, using techniques such as spoofing emails, creating malicious attachments (executable programs, LibreOffice documents with macros), and more. As your victims respond to your emails, they will reveal why they trust or distrust your messages, providing invaluable feedback. The ultimate goal is to persuade these users to open the malicious attachments, granting you remote access to their systems. Your mission culminates in accessing the coveted "flag" files hidden in each victim's home directory, which you will submit as proof of your success. This lab offers a unique opportunity to understand how cybersecurity threats exploit human psychology, providing a practical foundation to enhance cyber awareness and strengthen defenses against these deceptive tactics.
</description>
<lab_sheet_url>https://docs.google.com/document/d/1Yb28GYRLD0Ihnb5oeFp-TGurhb8BZfm_qFbSSrGEknI/edit?usp=sharing</lab_sheet_url>
<type>ctf-lab</type>

11
scenarios/labs/cyber_security_landscape/4_encoding_encryption.xml
View File

@@ -6,9 +6,16 @@
<name>Encoding and Encryption Lab</name>
<author>Z. Cliffe Schreuders</author>
<description>Decode the files in your home directory.</description>
<description>
# Introduction
Cryptography is a fundamental aspect of information security, enabling us to secure data from prying eyes and malicious actors. This hands-on lab will equip you with essential knowledge and skills related to encoding schemes, hash algorithms, and the use of tools like OpenSSL and Gnu Privacy Guard (GPG). You'll explore concepts like encoding data into different formats, encrypting and decrypting information, and managing keys. These skills are crucial for anyone interested in the field of cybersecurity, data protection, or simply understanding how secure communication works in the digital age.
<!-- TODO: lab sheet link -->
Throughout the lab, you'll learn to encode strings into various formats, including hexadecimal and Base64. You'll experiment with symmetric key encryption using the Data Encryption Standard (DES) and the Advanced Encryption Standard (AES). Additionally, you'll explore public-key cryptography with GPG, creating and managing keys, encrypting and decrypting data, and understanding the importance of key pairs.
In the home directory of your VM there are a series of encoding and encryption CTF challenges for you to complete, to put your knowledge into practice.
</description>
<lab_sheet_url>https://docs.google.com/document/d/1wKm2c7yxhM-9GnAiS_Mgvk_8-H7FKEBeGeMc6H0KlwA/edit?usp=sharing</lab_sheet_url>
<type>ctf-lab</type>
<type>hackerbot-lab</type>

8
scenarios/labs/cyber_security_landscape/6_symmetric_enc_aes.xml
View File

@@ -6,7 +6,13 @@
<name>Symmetric Encryption with AES</name>
<author>Z. Cliffe Schreuders</author>
<description>A Hackerbot lab. Work through the labsheet, then when prompted interact with Hackerbot. Topics covered: Symmetric Encryption, Advanced Encryption Standard (AES)</description>
<description>
Symmetric encryption involves using the same key for both the encryption and decryption of data. In this lab, you will explore symmetric encryption with a focus on the Advanced Encryption Standard (AES). AES is a widely used block cipher that plays a crucial role in securing data in various applications, from secure communications to data protection. This lab aims to provide you with a high-level understanding of AES and its fundamental operations, such as Substitution (SubBytes), Permutation (ShiftRows and MixColumns), and Key Addition (Round Key). You will also explore how to work with AES encryption and decryption using both the GPG tool and Python3 with the Cryptodome module. This practical hands-on experience will equip you with the knowledge and skills necessary to apply AES encryption to secure your data.
Throughout this lab, you will have the opportunity to complete a series of tasks and challenges. These practical exercises will not only help you understand the underlying principles of AES but also equip you with the skills to apply this encryption technique to real-world scenarios, ensuring the security and confidentiality of your data.
This is a Hackerbot lab. The labsheet is available once you claim a set of VMs. Work through the labsheet, then when prompted interact with Hackerbot.
</description>
<type>ctf-lab</type>
<type>hackerbot-lab</type>

8
scenarios/labs/cyber_security_landscape/7_asymmetric_enc_rsa.xml
View File

@@ -6,7 +6,13 @@
<name>Asymmetric Encryption with RSA</name>
<author>Z. Cliffe Schreuders</author>
<description>A Hackerbot lab. Work through the labsheet, then when prompted interact with Hackerbot. Topics covered: Asymmetric Encryption, RSA</description>
<description>
Public key cryptography (also known as asymmetric encryption) enables secure communication, digital signatures, and data encryption without the need for a shared secret key. In this lab you will delve into the world of public key cryptography, specifically focusing on the RSA (Rivest-Shamir-Adleman) cipher, one of the most widely used asymmetric encryption methods. This lab will help you understand the fundamental principles of RSA encryption, key pair generation, and encryption/decryption processes. You will also interact with Hackerbot, a chatbot designed to challenge and test your knowledge as you progress through the exercises.
Throughout this lab, you will learn the key concepts and procedures related to RSA encryption. You will start by generating RSA key pairs and performing encryption and decryption operations using both OpenSSL and Python. You will pick prime numbers, calculate modulus and phi(N), select encryption and decryption keys, and apply these concepts to encrypt and decrypt messages. The lab includes various Hackerbot challenges that you will complete, such as creating key pairs, encrypting and decrypting messages, and solving encryption-related quizzes. These practical exercises will deepen your understanding of RSA encryption and help you gain hands-on experience in using this cryptographic technique to secure information and communication.
This is a Hackerbot lab. The labsheet is available once you claim a set of VMs. Work through the labsheet, then when prompted interact with Hackerbot.
</description>
<type>ctf-lab</type>
<type>hackerbot-lab</type>

4
scenarios/labs/introducing_attacks/1_intro_linux.xml
View File

@@ -8,7 +8,9 @@
<author>Z. Cliffe Schreuders</author>
<description>
# Introduction
This topic covers lots of ground regarding fundamentals of Linux and free open source software (FOSS).
In this lab, you will delve into the fascinating world of Linux and security tools, gaining practical knowledge and skills that are highly relevant in the field of cybersecurity. Linux is a powerful and versatile operating system widely used in the IT industry. Understanding Linux and its command-line interface is crucial for anyone interested in security testing and ethical hacking. You'll begin by familiarizing yourself with Linux basics, from fundamental command-line operations to concepts like piping between programs and file redirection. This lab will also introduce you to the Kali Linux distribution, a platform designed for penetration testing and ethical hacking.
Throughout this lab, you will learn how to perform various tasks, such as creating and manipulating files, exploring the Linux file system, and conducting network-related activities. You will gain hands-on experience with SSH, a secure remote shell protocol used for administration, and even attempt online brute force attacks to understand the importance of security in the digital realm. By the end of this lab, you will have honed your Linux command-line skills, developed a basic understanding of networking, and practiced using essential security tools, preparing you for more advanced challenges in the field of cybersecurity. Get ready to embark on an engaging journey where you will explore the core elements of Linux and security.
# Lecture
[Slides here](http://z.cliffe.schreuders.org/presentations/slides/DSL_DS_OSPT_Lectures_1_Intro_to_Unix_FOSS_and_Linux.html)

7
scenarios/labs/introducing_attacks/2_malware_msf_payloads.xml
View File

@@ -8,7 +8,10 @@
<author>Z. Cliffe Schreuders</author>
<description>
# Introduction
This week we will cover the ever present danger of malicious code, the problems with the traditional approaches such as anti-malware, and you will try your hand at using the Metasploit Framework to create a Trojan horse program.
In this hands-on lab you will dive into the intriguing world of malware and ethical hacking, exploring how attackers create and deploy malicious software to compromise computer systems. The lab introduces you to various types of malware, such as Trojan horses, viruses, and worms, shedding light on their distinct characteristics and functionalities. You will also get acquainted with the powerful Metasploit framework, a widely-used tool in the realm of ethical hacking, and learn how to generate malicious payloads using it.
Throughout this engaging learning experience, you will undertake practical tasks, such as creating a Trojan horse that adds a new user to a Windows system, evading anti-malware detection by encoding and utilizing executable templates, and experimenting with various payloads. These hands-on exercises will equip you with essential skills in understanding, generating, and testing malware, all within a controlled and ethical learning environment. Whether you're a budding ethical hacker or simply curious about the world of cybersecurity, this lab will provide valuable insights and practical knowledge in the field of malware and penetration testing. So, gear up to explore the darker side of computing and learn how to protect against it. You'll explore, experiment, and emerge with practical expertise in a controlled environment.
# Lecture
[Slides here](http://z.cliffe.schreuders.org/presentations/slides/DSL_DS_OSPT_Lectures_2_Malware.html)
@@ -111,7 +114,7 @@ Chapter 19 "Malicious Logic": Bishop, M. (2005), Introduction to Computer Securi
<utility module_path=".*/handy_cli_tools"/>
<service module_path=".*/apache"/>
<utility module_path=".*/nmap"/>
<utility module_path=".*/clamav"/>
<network type="private_network" >

4
scenarios/labs/introducing_attacks/3_vulnerabilities.xml
View File

@@ -8,7 +8,9 @@
<author>Z. Cliffe Schreuders</author>
<description>
# Introduction
This week we will cover one of the major threats in computer security: software vulnerabilities. You will learn about the danger these pose, and start to learn about the power of the Metasploit framework, a popular hacking and penetration testing tool. You will learn and apply a number of important concepts such as payloads, shell code, bind and reverse shells, and both remote and local (client-side) exploits.
In this lab you will explore one of the major threats in computer security: software vulnerabilities. It's a critical topic in the field of cybersecurity, as understanding how attackers exploit weaknesses in software systems is essential for both defensive and offensive security measures. The lab will cover various aspects, starting with an introduction to software vulnerabilities and the causes behind them, moving on to explore different types of payloads, such as bind shells and reverse shells. You will also get hands-on experience with the Metasploit framework, a powerful tool for conducting security assessments and penetration testing.
Throughout this lab, you will gain a deeper understanding of software vulnerabilities, how exploits work, and the techniques attackers use to gain remote access to vulnerable systems. You will learn and apply both remote and local (client-side) exploits. You'll simulate creating and using a malicious PDF document to compromise a system, as well as remotely exploiting a system with known vulnerabilities. This hands-on experience will provide you with valuable insights into the world of cybersecurity and start to learn about the power of the Metasploit framework, a popular hacking and penetration testing tool.
# Lecture
[Slides here](http://z.cliffe.schreuders.org/presentations/slides/DSL_DS_OSPT_Lectures_3_Vulnerabilities.html)

4
scenarios/labs/introducing_attacks/4_dns_footprinting.xml
View File

@@ -8,7 +8,9 @@
<author>Z. Cliffe Schreuders</author>
<description>
# Introduction
The topic of information gathering spans two weeks, and covers practical steps that an attacker needs to take in order to attack a system, starting with footprinting (discovering systems to attack) and scanning (learning more about the systems such as what kinds of attacks they are vulnerable to).
In this lab on information gathering, you will dive into the initial stage of preparing for various cybersecurity assessments and penetration tests. Information gathering involves understanding a target and its potential vulnerabilities by collecting data that can be used for social engineering attacks, identifying network ranges and exposed systems, and discovering various services that may be potential entry points for attackers. This lab focuses on identifying hosts using DNS (Domain Name System) and provides hands-on experience with tools and techniques that ethical hackers and security professionals use to gather valuable insights about their targets.
Throughout this lab, you will learn how to use DNS-related commands and tools to determine IP addresses associated with domain names, perform reverse DNS lookups, explore DNS zone transfers to identify servers, and utilize Whois to extract domain ownership information. You will also work with automated DNS footprinting tools like dnstracer, dnsmap, dnsenum, and dnsrecon to efficiently collect valuable data. By the end of this lab, you will have a solid foundation in information gathering techniques that are essential for ethical hacking and security testing, allowing you to move on to the scanning phase of a target assessment.
# Lecture
[Slides here](http://z.cliffe.schreuders.org/presentations/slides/DSL_DS_OSPT_Lectures_4_Information_gathering.html)

4
scenarios/labs/introducing_attacks/5_scanning.xml
View File

@@ -8,7 +8,9 @@
<author>Z. Cliffe Schreuders</author>
<description>
# Introduction
This week we learn how to scan networks to get an understanding of and to map out a network. Scanning is a critical stage for an attacker, since it can give them the information they need in order to launch an attack.
Information gathering and network scanning are processes aimed at understanding the structure of a network and identifying potential vulnerabilities, and ensuring the overall security of the network. Scanning a critical stage for an attacker, since it can give them the information they need in order to launch an attack. By delving into this lab, you will acquire essential knowledge and practical skills necessary for both defensive and offensive security strategies
This lab provides an in-depth exploration of scanning techniques. You will learn how to perform ping sweeps to identify live hosts on a network, create your own ping sweep bash script, and use Nmap (a popular and powerful open source tool) for host discovery. You will also explore the world of port scanning, creating your own port scanner using a bash script, and conducting SYN port scans. Additionally, you will gain insights into service identification through banner grabbing and protocol analysis, and discover methods to detect the operating system of a remote system. By the end of this lab, you will be equipped with a comprehensive understanding of network scanning techniques and will have hands-on experience in executing these scans to assess the security of target systems.
# Reading
[Chapter 2 Reconnaissance and Chapter 3 Scanning. Engebretson, P. (2011), The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy, Elsevier Inc. (ISBN: 978-1-59749-655-1) Available online via the library](http://www.sciencedirect.com/science/book/9781597496551)

4
scenarios/labs/introducing_attacks/6_exploitation.xml
View File

@@ -8,7 +8,9 @@
<author>Z. Cliffe Schreuders</author>
<description>
# Introduction
This week we learn how we can scan networks to discover vulnerable services, and exploit them.
This lab provides hands-on experience in scanning and exploitation, allowing you to delve into the mindset of an ethical hacker. You will explore the process of moving from initial network scanning to identifying vulnerabilities, searching for exploits, and ultimately gaining control of target systems.
In this lab, you will learn how to scan a network for vulnerable servers, use Metasploit and Armitage for exploitation, and search for vulnerabilities in online databases. Specifically, you will perform tasks such as running network scans using Nmap, importing scan results into Metasploit, searching for Metasploit exploits for various platforms and services, launching exploits to gain access to target systems, and using Armitage to automate certain aspects of the hacking process. By the end of the lab, you will have gained valuable insights into the tactics and techniques used by both malicious actors and cybersecurity professionals.
# Reading
[Chapter 2 Reconnaissance and Chapter 3 Scanning. Engebretson, P. (2011), The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy, Elsevier Inc. (ISBN: 978-1-59749-655-1) Available online via the library](http://www.sciencedirect.com/science/book/9781597496551)

4
scenarios/labs/introducing_attacks/7_post-exploitation.xml
View File

@@ -8,7 +8,9 @@
<author>Z. Cliffe Schreuders</author>
<description>
# Introduction
Once an attacker has a foothold in a system, they can misuse the privileges they have “appropriated” to take actions on the system, or go on to try to gain even more access on this or other connected systems. You will learn the skills used by an attacker or security tester, to take action once an exploit has been successful.
Post-exploitation is the phase where an attacker, having gained initial access to a target system, aims to further exploit the compromised system, gather information, escalate privileges, and maintain access. Once an attacker has a foothold in a system, they can misuse the privileges they have “appropriated” to take actions on the system, or go on to try to gain even more access on this or other connected systems. In this lab, you will delve into the intricacies of post-exploitation in a controlled environment, gaining hands-on experience in a range of activities that mirror real-world cyberattacks.
You will learn the skills used by an attacker or security tester, to take action once an exploit has been successful. Throughout this lab, you will learn how to identify and exploit vulnerabilities in a target system, understand the extent of access you have gained, and execute privilege escalation to elevate your control on the compromised system. You will compile and transfer a local privilege escalation exploit, collect password hashes, and discover sensitive data. Additionally, you will explore advanced payloads, such as Meterpreter, and experiment with features like keylogging and screen capturing. You will also understand the concept of pivoting, where you attack one system through another, and cover your tracks to maintain stealth. By the end of this comprehensive lab, you will have completed the essential stages of a typical cyberattack, enhancing your skills and knowledge in the field of cybersecurity.
# Suggested reading
[An excellent resource is Metasploit Unleashed.](http://www.offensive-security.com/metasploit-unleashed/Exploits)

5
scenarios/labs/introducing_attacks/8_vulnerability_analysis.xml
View File

@@ -8,7 +8,10 @@
<author>Z. Cliffe Schreuders</author>
<description>
# Introduction
It is important for organisations to manage the security of their systems and for security professionals to efficiently scan networks for vulnerabilities.
It is important for organisations to manage the security of their systems and for security professionals to efficiently scan networks for vulnerabilities. Vulnerability assessment is a critical practice aimed at identifying and addressing weaknesses in computer systems. This process is instrumental in safeguarding networks and data from potential threats and attacks. In this lab, you will explore a range of industry-standard tools, such as Nmap, Nessus, and Nikto, to evaluate the security posture of vulnerable services. The lab provides a hands-on experience that will equip you with the skills and knowledge to detect vulnerabilities, assess their severity, and understand the importance of using different tools for comprehensive security assessments.
Throughout this lab, you will learn how to use Nmap and its Nmap scripting engine (NSE) to perform vulnerability scanning, discover potential weaknesses in a target system, and gain insights into the ethical hacking and penetration testing process. You will also explore Nessus, a commercial vulnerability scanner, and understand how it operates, what vulnerabilities it can identify, and how to interpret the results. Additionally, you will utilize Nikto, a web vulnerability scanner, to assess the security of web servers, identifying critical vulnerabilities. By completing tasks like initiating scans, analyzing results, and considering the limitations of automated tools, you will gain a practical understanding of vulnerability assessment and the role it plays in strengthening cybersecurity.
</description>
<lab_sheet_url>https://docs.google.com/document/d/1rdNcOmYOjsRu97Gh3ds8HbTpORGxbMcd2Q7U4TATIbw/edit?usp=sharing</lab_sheet_url>

9
scenarios/labs/response_and_investigation/1_integrity_protection.xml
View File

@@ -6,7 +6,14 @@
<name>Integrity protection lab</name>
<author>Z. Cliffe Schreuders</author>
<description>A Hackerbot lab. Work through the labsheet, then when prompted interact with Hackerbot. Topics covered: Protecting integrity with file attributes; Protecting integrity with read-only filesystems.</description>
<description>
# Introduction
This lab addresses preserving the integrity of your digital assets. In today's data-driven world, ensuring the accuracy and reliability of information is of utmost importance. Unauthorized changes, whether intentional or accidental, can lead to significant data breaches and compromise the trustworthiness of your system. This lab is designed to provide you with essential knowledge and practical skills to fortify the security of your data by exploring key theoretical concepts like file permissions, file attributes, and read-only filesystems.
Throughout this lab, you will engage in practical exercises to grasp fundamental principles of data integrity protection. You'll explore the use of file attributes to restrict access and protect sensitive information. Furthermore, you'll discover the utility of read-only filesystems by mounting directories in read-only mode, ensuring that changes cannot be made to critical system files. By completing these exercises and challenges, you will acquire the skills to protect your system's integrity, thereby bolstering your cybersecurity proficiency and enhancing your ability to maintain data confidentiality and availability.
This is a Hackerbot lab. The labsheet is available once you claim a set of VMs. Work through the labsheet, then when prompted interact with Hackerbot.
</description>
<type>ctf-lab</type>
<type>hackerbot-lab</type>

9
scenarios/labs/response_and_investigation/2_integrity_detection.xml
View File

@@ -6,7 +6,14 @@
<name>Integrity detection lab</name>
<author>Z. Cliffe Schreuders</author>
<description>A Hackerbot lab. Work through the labsheet, then when prompted interact with Hackerbot. Topics covered: Detecting changes to resources using backups; File integrity checkers; Detecting changes to resources using package management.</description>
<description>
# Introduction
Integrity management is a crucial aspect of information security, focusing on preventing and detecting unauthorized changes to resources, such as files and configurations, within a computer system. Maintaining the integrity of these resources is vital in ensuring the trustworthiness of a system, as any unauthorized changes can lead to security breaches and data corruption. This lab sheet delves into the various techniques for detecting changes to system integrity, including the use of backups, file hashing, and package verification. It emphasizes the importance of these methods in safeguarding the integrity of a system and provides hands-on exercises to demonstrate their practical application.
In this lab, you will learn about different strategies for detecting unauthorized changes. You will create and compare backups of critical system files, generate and compare file hashes using tools like md5sum and sha1deep, and explore the concept of package verification to check the integrity of installed software packages. You will face challenges from Hackerbot, where you'll apply the learned techniques to detect and respond to various security threats, such as detecting new users, changes to config files, and replaced binary files with malware. This hands-on experience will equip you with the skills and knowledge needed to protect and maintain the integrity of a computer system, a fundamental component of effective information security.
This is a Hackerbot lab. The labsheet is available once you claim a set of VMs. Work through the labsheet, then when prompted interact with Hackerbot.
</description>
<type>ctf-lab</type>
<type>hackerbot-lab</type>

22
scenarios/labs/response_and_investigation/3_backups_and_recovery.xml
View File

@@ -6,7 +6,27 @@
<name>Backups lab</name>
<author>Z. Cliffe Schreuders</author>
<description>A Hackerbot lab. Work through the labsheet, then when prompted interact with Hackerbot. Topics covered: Rsync, and backups and restoring data using differential and incremental backups.</description>
<description>
# Introduction
This lab focuses on the critical aspect of contingency planning in the context of cybersecurity and data management. It highlights the importance of maintaining data availability and system reliability, especially when dealing with potential disasters and security incidents. The lab delves into practical strategies for creating reliable backups, understanding recovery procedures, and implementing backup solutions using the powerful rsync command.
In this lab, you will learn how to utilize SSH/SCP for secure file transfer, create full, differential, and incremental backups using the rsync tool, and employ backups for efficient data protection. You will also explore the concept of snapshot backups, which allow for efficient storage of data by using hard links to unchanged files. Throughout the lab, you will engage in hands-on tasks such as copying directories, performing backups, restoring files, and setting up remote backups. By completing these exercises, you will gain valuable skills in contingency planning and data backup strategies, which are essential for maintaining the availability and security of critical systems and data.
This is a Hackerbot lab. The labsheet is available once you claim a set of VMs. Work through the labsheet, then when prompted interact with Hackerbot.
# Tips for the lab
[This resource is really really useful for understanding what happens when using Rsync depending on whether you include or don't include a slash at the end of a path, which often catches people out.](https://web.archive.org/web/20220703112235/http://qdosmsq.dunbar-it.co.uk/blog/2013/02/rsync-to-slash-or-not-to-slash/)
This lab needs to be completed in order.
Manually check you have done your backups correctly before telling Hackerbot you are ready. It may be a good idea to ssh to your backup server in a separate console tab ssh IP-ADDRESS (but do keep an eye on which system you are running each command on!).
Keep an eye on the trailing slashes in rsync commands and how it changes the behaviour (the difference between copying a directory or it's contents).
Each time you can test that your rsync command is going to do what you expect by adding -n to the command, which does a "Dry Run" without making any of the actual changes -- once you are happy it's making the changes you expect, run it again without the -n
</description>
<type>ctf-lab</type>
<type>hackerbot-lab</type>

9
scenarios/labs/response_and_investigation/4_ids.xml
View File

@@ -6,7 +6,14 @@
<name>IDS lab</name>
<author>Z. Cliffe Schreuders</author>
<description>A Hackerbot lab. Work through the labsheet, then when prompted interact with Hackerbot. </description>
<description>
# Introduction
Intrusion Detection and Prevention Systems (IDS/IPS) are crucial components of network security, helping organizations monitor and defend against malicious activities and unauthorized access. This lab focuses on network monitoring basics and hands-on experience with tools like Tcpdump, Wireshark, and Snort, all useful for detecting and responding to potential threats. Network monitoring is a foundational practice in cybersecurity, as it allows you to observe network traffic and identify any suspicious or unwanted behavior. In this lab, you will gain practical experience by monitoring live network traffic, setting up Snort to detect network attacks, and analyzing the captured data. By the end of this lab, you will have a better understanding of how IDS/IPS systems work and how to configure and use them effectively to enhance network security.
During this hands-on lab, you will learn how to set up network monitoring tools like Tcpdump and Wireshark to observe live network traffic. You will use these tools to detect specific strings in network packets and identify port scanning attempts on a web server. Additionally, you will configure Snort, a popular IDS, to monitor network traffic to detect network activities of interest. As part of your practical exercises, you will trigger Snort alerts by sending ICMP pings and monitor the alerts generated. Throughout the lab, you will also interact with Hackerbot, which will simulate network attacks, and you will need to use the tools you've learned to detect and respond to these simulated attacks. By completing these tasks, you will develop practical skills in network monitoring and intrusion detection.
This is a Hackerbot lab. The labsheet is available once you claim a set of VMs. Work through the labsheet, then when prompted interact with Hackerbot.
</description>
<type>ctf-lab</type>
<type>hackerbot-lab</type>

5
scenarios/labs/response_and_investigation/5_ids_rules.xml
View File

@@ -7,11 +7,12 @@
<name>IDS rules lab</name>
<author>Z. Cliffe Schreuders</author>
<description>
# Introduction
In this lab on Intrusion Detection and Prevention Systems, you will delve into the world of network security, learning how to configure and monitor a network using Snort, a popular open-source intrusion detection system. This lab will guide you through the process of setting up Snort, and creating custom intrusion detection rules.
Throughout this lab, you will gain hands-on experience in configuring Snort to monitor network traffic. You will learn how to create custom Snort rules to detect specific network activities, and use Wireshark to capture and analyze network packets. The lab will also present you with a series of Hackerbot challenges, where you will apply your knowledge to detect and respond to various network attacks. For example, you will create Snort rules to detect attempts to access specific ports, monitor unencrypted email authentication, and more. By the end of this lab, you will have a solid understanding of intrusion detection and prevention systems, as well as practical experience in configuring and monitoring them to safeguard your network from potential threats.
This is a Hackerbot lab. Work through the labsheet, then when prompted interact with Hackerbot.
This is a Hackerbot lab. The labsheet is available once you claim a set of VMs. Work through the labsheet, then when prompted interact with Hackerbot.
</description>
<type>ctf-lab</type>
@@ -360,7 +361,7 @@
</generator>
</input>
</utility>
<utility module_path=".*/mirror_traffic_to_ids_iptables">
<input into="ids_IP_address">
<datastore access="1">IP_addresses</datastore>

5
scenarios/labs/response_and_investigation/6_exfiltration_detection.xml
View File

@@ -7,11 +7,12 @@
<name>Exfiltration detection lab</name>
<author>Z. Cliffe Schreuders</author>
<description>
# Introduction
In this lab, you will delve into the critical realm of Data Loss Prevention (DLP) and exfiltration detection. Data loss prevention is a vital cybersecurity practice aimed at safeguarding sensitive information from unauthorized access or leakage. It is highly relevant in today's digital age, where data breaches and insider threats pose significant risks to organizations. This lab provides you with hands-on experience in setting up and configuring Snort, a popular Intrusion Detection System (IDS), to monitor network traffic and detect the unauthorized transfer of sensitive data.
In this lab, you will learn how to configure Snort to detect unauthorized data transfers and exfiltration. By editing Snort configuration files, you will set up monitoring rules that trigger alerts when sensitive data, like credit card details and national insurance numbers, are being transported over the network. You will also extend your rule to detect the transfer of a fake data file so that your rules are effective without revealing the actual sensitive content. To accomplish this, you'll explore various Snort rule techniques, such as text-based, regular expression-based, and hash-based matching, gaining an in-depth understanding of data loss prevention strategies. By the end of the lab, you'll have practical experience in setting up DLP measures using Snort, a valuable skill for protecting an organization's sensitive data assets.
This is a Hackerbot lab. Work through the labsheet, then when prompted interact with Hackerbot.
This is a Hackerbot lab. The labsheet is available once you claim a set of VMs. Work through the labsheet, then when prompted interact with Hackerbot.
</description>
<type>ctf-lab</type>
@@ -369,7 +370,7 @@
</generator>
</input>
</utility>
<utility module_path=".*/mirror_traffic_to_ids_iptables">
<input into="ids_IP_address">
<datastore access="1">IP_addresses</datastore>

9
scenarios/labs/response_and_investigation/7_live_analysis.xml
View File

@@ -6,7 +6,14 @@
<name>Live analysis lab</name>
<author>Z. Cliffe Schreuders</author>
<description>A Hackerbot lab. Work through the labsheet, then when prompted interact with Hackerbot. </description>
<description>
# Introduction
In this lab, you will dive into the world of digital forensics and incident response by investigating a potentially compromised server. Security breaches and compromises are a common occurrence in the digital age, and it's essential to understand how to analyze and gather evidence from a compromised system to determine the extent of the intrusion and identify potential threats. This lab will walk you through the process of live system analysis, using both standard Unix commands and tools provided by the FIRE (Forensic and Incident Response Environment) CD/DVD ISO, in order to collect volatile data and assess the system's security.
Throughout this hands-on lab, you will learn essential techniques for live system analysis, such as collecting information about running processes, network connections, kernel modules, and system state. You will also explore the use of static binaries to avoid potential tampering with dynamically linked executables. Additionally, you will employ tools like Chkrootkit to detect rootkits and perform offline analysis to uncover any suspicious activity or security breaches. By completing tasks such as creating a list of suspicious open ports, identifying unreported processes, and analyzing the output of data collection scripts, you will gain practical experience in investigating compromised systems, a crucial skill for cybersecurity professionals and digital forensics experts.
This is a Hackerbot lab. The labsheet is available once you claim a set of VMs. Work through the labsheet, then when prompted interact with Hackerbot.
</description>
<type>ctf-lab</type>
<type>hackerbot-lab</type>

9
scenarios/labs/response_and_investigation/8_dead_analysis.xml
View File

@@ -6,7 +6,14 @@
<name>Dead analysis lab</name>
<author>Z. Cliffe Schreuders</author>
<description>A Hackerbot lab. Work through the labsheet, then when prompted interact with Hackerbot. </description>
<description>
# Introduction
In this lab, you will delve into the world of digital forensics and offline analysis by examining a compromised system to uncover evidence of a security breach. This lab provides a hands-on experience with various forensic tools and techniques to investigate a compromised server. You will explore key theoretical concepts such as integrity management, log analysis, file recovery, and timeline reconstruction to piece together the events leading to the system compromise.
You will learn how to mount a disk image read-only, analyze file integrity using MD5 hashes, use Autopsy on Kali to examine file types and check for trojanized executables, conduct timeline analysis to reconstruct the sequence of events, and examine deleted files for hidden clues. You will also investigate log files, identify attempted SSH and Telnet logins, and recover email addresses used in communication. By the end of the lab, you will have gained valuable practical experience in forensic analysis and incident response, equipping you with skills to identify and understand security breaches in real-world scenarios.
This is a Hackerbot lab. The labsheet is available once you claim a set of VMs. Work through the labsheet, then when prompted interact with Hackerbot.
</description>
<type>ctf-lab</type>
<type>hackerbot-lab</type>

9
scenarios/labs/response_and_investigation/9_siem.xml
View File

@@ -6,7 +6,14 @@
<name>Security information and event management (SIEM) and Elastic (ELK) Stack lab</name>
<author>Z. Cliffe Schreuders</author>
<description>A Hackerbot lab. Work through the labsheet, then when prompted interact with Hackerbot. </description>
<description>
# Introduction
This lab provides a comprehensive overview of logging and security information and event management (SIEM) concepts, with an emphasis on the context of Linux systems. Logging is a critical aspect of system administration and security, enabling the monitoring of system events and providing valuable insights into system activities. The lab covers the fundamentals of logging, including the systemd journal and traditional syslog, and introduces the Elastic (ELK) Stack as a powerful SIEM solution. It also explores the usage of Auditbeat to monitor system audit information and highlights the role of a Security Operations Centre (SOC) in managing and responding to security incidents.
In this lab, you will learn how to use various logging tools and commands, such as journalctl and syslog, to access and analyze system logs. You will gain practical experience in configuring logging rules, utilizing regular expressions to filter log data, and exploring log rotation for efficient log management. Additionally, you will set up Auditbeat to monitor system activities and visualize the collected data using Elastic Stack. By the end of the lab, you will have a strong foundation in log management, SIEM, and be well-equipped to enhance the security and monitoring capabilities of Linux systems.
This is a Hackerbot lab. The labsheet is available once you claim a set of VMs. Work through the labsheet, then when prompted interact with Hackerbot.
</description>
<type>ctf-lab</type>
<type>hackerbot-lab</type>

9
scenarios/labs/software_and_malware_analysis/10_anti_sre.xml
View File

@@ -6,10 +6,13 @@
<name>Anti-SRE</name>
<author>Z. Cliffe Schreuders</author>
<description>A MetaCTF lab. In your home directory you will find some binaries that you need to reverse engineer in order to determine the password that the
program expects. Once you have found the password, run the program and enter the password to receive the file.
<description>
# Introduction
In this lab on anti-reverse-engineering techniques, you will explore the various tactics employed by both malicious actors and legitimate software developers to thwart the efforts of reverse engineers. This lab provides an in-depth understanding of how malware samples can identify their operating environment, detect the presence of debuggers, and employ anti-disassembly techniques to obfuscate their code.
There are binaries to perform dynamic SRE.
Throughout this lab, you will learn how malware samples identify virtual machine and sandbox environments, detect debuggers, and modify their runtime behavior. You'll also explore anti-disassembly techniques and code obfuscation methods, gaining hands-on experience with a set of practical challenges. Tasks include analyzing code in disassemblers like Ghidra, bypassing anti-debugging techniques, and deciphering hidden passwords within obfuscated code. By the end of this lab, you will have honed your skills in dynamic analysis and developed a deep understanding of the cat-and-mouse game between malware creators and reverse engineers. Get ready to unlock the secrets of anti-reverse-engineering and enhance your cybersecurity expertise through a series of engaging challenges.
In your home directory you will find some binaries that you need to reverse engineer in order to determine the password that the program expects. Once you have found the password, run the program and enter the password to receive the flag.
</description>
<lab_sheet_url>https://docs.google.com/document/d/1UsC3zykLAZwoV7bg5hP2hL1zpdxusjSZ3HVBnwZb5M4/edit?usp=sharing</lab_sheet_url>

12
scenarios/labs/software_and_malware_analysis/1_dynamic_and_static_analysis.xml
View File

@@ -6,10 +6,16 @@
<name>Introdution to Malware analysis lab</name>
<author>Z. Cliffe Schreuders</author>
<description>A MetaCTF lab. In your home directory you will find some binaries that you need to reverse engineer in order to determine the password that the
program expects. Once you have found the password, run the program and enter the password to receive the file.
<description>
# Introduction
In this lab on Reverse Engineering and Malware Analysis, you will delve into the world of malicious code analysis and gain a deeper understanding of how to dissect compiled binary programs. By learning the techniques and tools for static and dynamic analysis, you will equip yourself with the skills necessary to identify and analyze malware, investigate security incidents, and develop countermeasures against these threats.
Throughout this lab, you will learn about the two fundamental approaches to malware analysis: static and dynamic analysis. In static analysis, you will explore the contents of binary executable files, deciphering machine code instructions, and extracting useful information such as strings and metadata. You will use tools like hexdump, readelf, and strings to dissect the structure of executable files and understand their behavior without executing them. In dynamic analysis, you will run malware in a controlled environment, monitoring system calls and dynamic library functions using tools like strace and ltrace. Additionally, you will participate in practical exercises by solving reverse engineering Capture The Flag (CTF) challenges that apply the concepts learned in the lab. By the end of this lab, you will have a strong foundation in malware analysis techniques, preparing you for further exploration of lower-level concepts such as C and assembly code, which are essential in the world of cybersecurity.
In your home directory you will find some binaries that you need to reverse engineer in order to determine the password that the program expects. Once you have found the password, run the program and enter the password to receive the flag.
</description>
<lab_sheet_url>https://docs.google.com/document/d/1CRGtnCTOogpEIjl-tLYdZqHBwJt75FpUJTE2xUL9wqI/edit?usp=sharin</lab_sheet_url>
<lab_sheet_url>https://docs.google.com/document/d/1CRGtnCTOogpEIjl-tLYdZqHBwJt75FpUJTE2xUL9wqI/edit?usp=sharing</lab_sheet_url>
<type>ctf-lab</type>
<type>lab-sheet</type>

7
scenarios/labs/software_and_malware_analysis/2_intro_to_c.xml
View File

@@ -7,7 +7,12 @@
<name>Introdution to C lab</name>
<author>Thalita Vergilio</author>
<description>
An introduction to C. Really important fundamentals. No flags this week.
# Introduction
In this lab, you will dive into the world of the C programming language, exploring its fundamental concepts and practical applications. Understanding C is essential, not only for programming but also for dissecting and analyzing malware, as many malicious programs are still written in C due to its low-level control over system resources. The lab begins by differentiating between high and low-level languages, highlighting the importance of assembly language and its human-readable representation. It emphasizes that, while you'll be working with high-level languages like C, you should be aware of the low-level details, which will be crucial for future tasks in the realm of cybersecurity.
Throughout the lab, you will learn the basics of C programming by working on hands-on exercises. You'll start by creating a simple "Hello, world!" program, and then progress to explore data types, arrays, strings, conditionals, loops, functions, and pointers. For instance, you will write code to calculate averages and VAT, work with pointers to access memory addresses, and understand the relationship between arrays and pointers. By the end of this lab, you will have gained practical experience in C programming, setting a solid foundation for future endeavors in the field of cybersecurity and malware analysis.
This lab covers really important fundamentals. There are no flags this week.
</description>
<lab_sheet_url>https://docs.google.com/document/d/1qaq8LF6wbe9OvXwAqmLQ_FA-1OTRkRVxjH5O5KRDM2w/edit?usp=sharing</lab_sheet_url>

13
scenarios/labs/software_and_malware_analysis/3_c_and_asm.xml
View File

@@ -6,13 +6,14 @@
<name>C and Assembly lab</name>
<author>Thalita Vergilio</author>
<description>A MetaCTF lab. In your home directory you will find some binaries that you need to reverse engineer in order to determine the password that the
program expects. Once you have found the password, run the program and enter the password to receive the file.
<description>
# Introduction
In this lab, we delve into the world of C programming and assembly language, covering essential concepts and practical tasks to build a strong foundation in low-level programming. We begin by exploring the use of structs in C, a fundamental data type for handling composite data structures. You'll learn how to define and manipulate structs, enabling you to work with more complex data in programs.
Moving on to memory management, you'll understand the difference between the stack and heap, gaining insights into dynamic memory allocation and the crucial task of memory deallocation to prevent memory leaks. Practical examples and exercises will guide you through these concepts, including using the Valgrind tool to check for memory issues. Additionally, you'll dive into the world of bitwise operators, essential for disassembling code. You'll explore the use of operators like AND, OR, XOR, and more, and even work on a challenge where you'll need to reverse engineer a binary code. Finally, we introduce you to the fascinating realm of assembly language for 32-bit x86 processors, covering registers, flags, operands, and basic instructions. You'll practice disassembling code, identifying key elements, and gaining insights into the low-level operations of a computer system. Practical challenges and real-world scenarios will empower you with the knowledge and skills needed for low-level programming and reverse engineering.
In your home directory you will find some binaries that you need to reverse engineer in order to determine the password that the program expects. Once you have found the password, run the program and enter the password to receive the flag.
This week, we will finish our crash course in C programming by looking at structs, a data type used to represent composite data, memory management, one
of the biggest strengths of the C language, and bitwise operators, which you will find particularly helpful when looking at disassembled code. We will
then change our focus to assembly language. Starting with some basics, we will familiarise ourselves with the syntax and organisation of decompiled code
before moving onto recognising the structures we learned last week in the assembly code.
</description>
<lab_sheet_url>https://docs.google.com/document/d/14bEEdrJb0hGS5sBR-mOTWzCY-ws1LFDza3sIM04Akvg/edit?usp=sharing</lab_sheet_url>

10
scenarios/labs/software_and_malware_analysis/4_asm.xml
View File

@@ -6,11 +6,13 @@
<name>Recognising C Code Constructs in Assembly lab</name>
<author>Thalita Vergilio</author>
<description>A MetaCTF lab. In your home directory you will find some binaries that you need to reverse engineer in order to determine the password that the
program expects. Once you have found the password, run the program and enter the password to receive the file.
<description>
# Introduction
In this lab you will dive deep into the world of 32-bit x86 assembly language to gain a comprehensive understanding of how C code constructs are represented in assembly. This knowledge is not only essential for understanding how software functions at a low level but also for identifying and analyzing malicious code and vulnerabilities. The lab will cover crucial theoretical concepts, including branching, conditionals, loops, switch statements, arrays, strings, and structs in assembly language.
We start with understanding how branching and conditionals are represented in assembly. We then move onto learning how to identify the common C code
constructs we saw in previous weeks in disassembled code, namely loops, function calls, switch statements, arrays and structs.
Throughout this lab, you will learn how to recognize and map C code constructs into their assembly language counterparts. You will engage in hands-on activities such as disassembling C programs using tools like objdump, and analyzing the resulting assembly code to identify key elements like loops, conditionals, and switch statements. You will also solve practical challenges within the lab, such as finding specific flags hidden within assembly code by following hints and performing dynamic analysis. By the end of this lab, you will have a solid grasp of these reverse engineering and malware analysis fundamentals, equipped with the skills to dissect and understand low-level code structures and uncover elements within them.
In your home directory you will find some binaries that you need to reverse engineer in order to determine the password that the program expects. Once you have found the password, run the program and enter the password to receive the flag.
</description>
<lab_sheet_url>https://docs.google.com/document/d/1l4tU49JhI65Q85Zv9I1Wm1kaHNENp6iyIwMUhM8j_14/edit?usp=sharing</lab_sheet_url>

9
scenarios/labs/software_and_malware_analysis/5_ghidra.xml
View File

@@ -6,8 +6,13 @@
<name>Ghidra lab</name>
<author>Z. Cliffe Schreuders</author>
<description>A MetaCTF lab. In your home directory you will find some binaries that you need to reverse engineer in order to determine the password that the
program expects. Once you have found the password, run the program and enter the password to receive the file.
<description>
# Introduction
In this lab you will dive into the fascinating world of software reverse engineering (SRE) using the powerful tool Ghidra. SRE plays a crucial role in understanding the inner workings of software without access to its source code, making it a critical skill for cybersecurity professionals, software developers, and anyone interested in understanding how programs function at a low level. You will explore key theoretical concepts such as CPU architectures, memory layout randomization, and the role of external libraries in program execution.
Throughout this lab, you will embark on a hands-on journey to reverse engineer and analyze various aspects of executable files. You will start by creating and analyzing a simple "Hello, world!" program, learning how to set up Ghidra, import and analyze files, and interpret disassembled and decompiled code. You will also investigate the differences between 32-bit and 64-bit CPU architectures and the impact of memory layout randomization. As you progress, you will tackle challenges that require you to annotate and comment on code, rename functions and variables, and add valuable insights through comments. By the end of this lab, you will have gained practical experience in software reverse engineering and developed a deeper understanding of how to unravel the mysteries hidden within executable files.
In your home directory you will find some binaries that you need to reverse engineer in order to determine the password that the program expects. Once you have found the password, run the program and enter the password to receive the file.
</description>
<lab_sheet_url>https://docs.google.com/document/d/1d2l1Z5l3r-DOdt-MG96H8HdhmN2l54dz8TL-8iigxWU/edit?usp=sharing</lab_sheet_url>

7
scenarios/labs/software_and_malware_analysis/6_ghidra_analysis.xml
View File

@@ -6,10 +6,11 @@
<name>Ghidra lab analysis</name>
<author>Z. Cliffe Schreuders</author>
<description>A MetaCTF lab. In your home directory you will find some binaries that you need to reverse engineer in order to determine the password that the
program expects. Once you have found the password, run the program and enter the password to receive the file.
<description>
# Introduction
Using the skills you have developed thus far, there are two binaries to practice SRE with Ghidra.
There are two binaries to practice SRE with Ghidra.
In your home directory you will find some binaries that you need to reverse engineer in order to determine the password that the program expects. Once you have found the password, run the program and enter the password to receive the flag.
</description>
<type>ctf-lab</type>

10
scenarios/labs/software_and_malware_analysis/7_dynamic.xml
View File

@@ -6,11 +6,13 @@
<name>Dynamic analysis SRE</name>
<author>Z. Cliffe Schreuders</author>
<description>A MetaCTF lab. In your home directory you will find some binaries that you need to reverse engineer in
order to determine the password that the program expects. Once you have found the password, run the program and
enter the password to receive the file.
<description>
# Introduction
Dynamic analysis and debugging play a pivotal role in the field of cybersecurity and malware analysis. In this lab, you will delve into the world of dynamic malware analysis, a critical practice for understanding how malicious software behaves at runtime. You will learn how to use the GNU Debugger (GDB) to dissect and monitor a program's execution, even when you don't have access to its source code. This is particularly valuable for cybersecurity professionals and malware analysts, as it enables them to identify and analyze malicious behavior, ultimately contributing to the development of effective security measures.
There are binaries to perform dynamic SRE.
Throughout this lab, you will gain a comprehensive understanding of GDB, from setting breakpoints and examining memory locations to analyzing registers and making informed decisions about program execution. You will explore practical examples, such as setting breakpoints at specific locations in the code, examining memory content, and identifying crucial information like passwords. By the end of this lab, you will have the skills necessary to conduct dynamic analysis and debug potentially malicious programs effectively, providing invaluable insights into their runtime behavior and enhancing your expertise in the realm of cybersecurity and malware analysis.
In your home directory you will find some binaries that you need to reverse engineer in order to determine the password that the program expects. Once you have found the password, run the program and enter the password to receive the flag.
</description>
<lab_sheet_url>https://docs.google.com/document/d/1EuTmklR3AVxdiYTrzyJ89vHU9UUY2QOn3oU74zQF19k/edit?usp=sharing</lab_sheet_url>

10
scenarios/labs/software_and_malware_analysis/8_dynamic_continued.xml
View File

@@ -6,11 +6,13 @@
<name>Dynamic analysis SRE (cont.)</name>
<author>Z. Cliffe Schreuders</author>
<description>A MetaCTF lab. In your home directory you will find some binaries that you need to reverse engineer in
order to determine the password that the program expects. Once you have found the password, run the program and
enter the password to receive the file.
<description>
# Introduction
Building upon the skills acquired in the previous lab, this hands-on debugging session takes your expertise to the next level with a fresh set of challenges.These new exercises further enhance your dynamic analysis capabilities using the GNU Debugger (GDB). In the world of reverse engineering and cybersecurity, debugging is an indispensable skill, particularly when the source code remains elusive. This lab provides the ideal platform to fortify your skills by introducing unique challenges, each designed to push the boundaries of your GDB proficiency.
There are binaries to perform dynamic SRE.
You'll set breakpoints, scrutinize register values, and decipher assembly instructions to uncover concealed passwords and flags. For example, in the "XorStr" challenge, you'll leverage GDB to identify an XOR mask and use it to decrypt a string, while "StaticInt" will have you focusing on EAX values and local variables to print the flag. By the conclusion of this lab, you will have cemented your debugging abilities and effectively surmounted eight new challenges, solidifying your expertise in dynamic analysis for situations where source code accessibility is restricted.
In your home directory you will find some binaries that you need to reverse engineer in order to determine the password that the program expects. Once you have found the password, run the program and enter the password to receive the flag.
</description>
<lab_sheet_url>https://docs.google.com/document/d/11A7tZppId1pxbcclZDPr6e-zwWPKqPnJMgyAtcARR2s/edit?usp=sharing</lab_sheet_url>

4
scenarios/labs/software_and_malware_analysis/9_malware_behaviour.xml
View File

@@ -6,7 +6,9 @@
<name>Malware Behaviour</name>
<author>Z. Cliffe Schreuders</author>
<description>A MetaCTF lab. In your home directory you will find some binaries that you need to reverse engineer in order to determine the password that the
<description>
# Introduction
A MetaCTF lab. In your home directory you will find some binaries that you need to reverse engineer in order to determine the password that the
program expects. Once you have found the password, run the program and enter the password to receive the file.
There are binaries to perform dynamic SRE.

8
scenarios/labs/software_security_exploitation/1_c_asm_iof.xml
View File

@@ -7,8 +7,14 @@
<name>Understanding Software Vulnerabilities: C, Debugging Assembly, and Buffer Overflows</name>
<author>Z. Cliffe Schreuders</author>
<description>
# Introduction
This lab provides an introduction to the fundamental concepts of software vulnerabilities, programming in C, and debugging assembly code. It emphasizes the importance of secure coding and understanding the potential security flaws that can arise due to programming errors. In this lab, you will learn how small programming mistakes can result in software vulnerabilities with serious consequences. You will explore two main categories of software flaws: design problems and implementation problems. Common programming errors leading to security flaws, such as memory errors, input handling, and misuse of pointers and strings, will be discussed.
A MetaCTF lab. In your home directory you will find some binaries that you need to reverse engineer in order to determine the password that the program expects. Once you determing the password, run the program and enter the password to receive the file.
You will dive into programming in C, debugging assembly code using GDB, and understanding the stack structure in memory. You will create and compile simple C programs, explore the basics of assembly code, and learn to use GDB for debugging. The lab includes practical tasks, such as writing and running C programs, analyzing assembly code, and identifying security vulnerabilities in the code. You'll experiment with different inputs to understand how software vulnerabilities can be exploited and how to fix them, using secure coding practices. By the end of the lab, you will have a better grasp of software vulnerabilities and the tools and techniques for identifying and addressing them in C programs.
Overall, this lab serves as a foundational module for understanding software security, highlighting the critical role of secure coding practices and the potential consequences of software vulnerabilities.
In your home directory you will find some binaries that you need to reverse engineer in order to determine the password that the program expects. Once you have found the password, run the program and enter the password to receive the flag.
</description>
<lab_sheet_url>https://docs.google.com/document/d/1AxTve1RBzqvdPxt8Wziga2x2e3lZp4k5YsMq3KxkXzM/edit?usp=sharing</lab_sheet_url>

9
scenarios/labs/software_security_exploitation/2_race_conditions_format_str.xml
View File

@@ -7,7 +7,14 @@
<name>Understanding Software Vulnerabilities: Injection Attacks, Race Conditions, and Format String Attacks</name>
<author>Z. Cliffe Schreuders</author>
<description>
A MetaCTF lab. In your home directory you will find some binaries that you need to reverse engineer in order to determine the password that the program expects. Once you determing the password, run the program and enter the password to receive the file.
# Introduction
Software vulnerabilities can have severe consequences, stemming from design and implementation problems. These problems can range from simple memory errors and bounds checking, like buffer overflows, to more complex issues such as race conditions, format string attacks, and misconfigured security mechanisms. In this lab you will learn to identify and understand these programming flaws through hands-on exercises.
You will explore command injection vulnerabilities. You'll be tasked with creating, compiling, and running and exploiting a C program susceptible to command injection. You will investigate concepts including validation and sanitization, essential for securing your code against malicious input. You will also learn how to use the diff and patch commands to create and apply code patches. You will also investigate and attack time of check to time of use race conditions. Lastly, you'll explore format string attacks, examining their dangers and vulnerabilities.
By the end of this lab, you will have acquired a deeper understanding of software vulnerabilities and learned practical techniques to identify, prevent, and mitigate these issues in your own code. These skills are invaluable for anyone involved in software development and cybersecurity.
In your home directory you will find some binaries representing challenges to complete to receive the flags.
</description>
<lab_sheet_url>https://docs.google.com/document/d/1GKmNARyF2-RQ-jK1_w4Y7V9vNtXsJvMmvXSbnadyEoE/edit?usp=sharing</lab_sheet_url>

5
scenarios/labs/software_security_exploitation/3_bug_hunting_and_fuzzing.xml
View File

@@ -7,7 +7,10 @@
<name>Bug Hunting and Fuzzing</name>
<author>Z. Cliffe Schreuders</author>
<description>
Bug Hunting and Fuzzing
# Introduction
Identifying and fixing software vulnerabilities is of paramount importance. This lab introduces two techniques for bug hunting: Fuzzing and Static Analysis. These methods are essential for uncovering hidden security flaws in software, which can be exploited for malicious purposes if left unaddressed. Fuzzing involves sending unexpected and often malformed data as input to a program, searching for weaknesses, while Static Analysis employs automated tools to analyze the code structure for potential issues. This lab provides a hands-on experience in finding and exploiting vulnerabilities.
In this lab, you will learn how to manually audit C code to spot errors and use various fuzzing techniques to test network programs for security flaws. You will start by auditing and securing C code, identifying vulnerabilities, and fixing potential issues. You will then explore the world of fuzzing, where you will learn to use tools like Spike to send various inputs to network services to uncover potential vulnerabilities. The lab also guides you through Metasploit's FTP fuzzing module. Finally, you will apply your knowledge to CTF challenges, running and fuzzing network services to crash programs and uncover flags. By the end of this lab, you will have gained practical skills and knowledge in software security testing and vulnerability detection.
</description>
<lab_sheet_url>https://docs.google.com/document/d/1yuDcFkI2-KD4Xfti4PahE038o-6324LKSx075ZSsuKw/edit?usp=sharing</lab_sheet_url>

5
scenarios/labs/software_security_exploitation/4_exploit_development.xml
View File

@@ -7,7 +7,10 @@
<name>Exploit Development</name>
<author>Z. Cliffe Schreuders</author>
<description>
By the end of this lab you will have written a Metasploit exploit module to compromise a remote buffer overflow.
# Introduction
Exploit development involves identifying and exploiting vulnerabilities in software or systems, potentially granting unauthorized access. In this hands-on lab, you will delve into the advanced topic of exploit development, focusing on Windows stack-smashing buffer overflows, a common type of vulnerability.
Throughout this lab, you will work on a Kali Linux system as the attacker and a Windows VM as the victim/debugger, targeting a vulnerable FTP server. The lab guides you through several crucial steps, including manual exploitation, writing your first Metasploit (MSF) exploit module, finding the offset within the input that overwrites the EIP (Extended Instruction Pointer), adding shellcode to control the target system, and ultimately gaining remote access to the compromised system. By the end of this lab, you will have not only gained theoretical knowledge of exploit development but also practical experience in crafting and launching your own exploits against real-world vulnerabilities.
</description>
<lab_sheet_url>https://docs.google.com/document/d/1tsKUaCetdqwDmey4JK9DYrcO9XDx4EwE2RIvSbP6zQQ/edit?usp=sharing</lab_sheet_url>

5
scenarios/labs/software_security_exploitation/5_linux_stack_bof.xml
View File

@@ -7,7 +7,10 @@
<name>Writing Exploits: Linux and Stack-smashing Buffer Overflows</name>
<author>Thomas Shaw</author>
<description>
Exploit Development: Linux and Stack-smashing Buffer Overflows
# Introduction
Buffer overflows are a common security issue that can be exploited to gain unauthorized access to a system or execute malicious code. In this lab you will delve deeper into the world of buffer overflow vulnerabilities, this time on Linux systems, expanding upon the skills learned in the previous lab. The exercises will cover both manual exploitation techniques and the development of Metasploit exploits, while introducing Capture The Flag (CTF) challenges of increasing complexity. By the end of this lab, you will have a deeper understanding of exploit development, honing your skills in identifying and exploiting buffer overflows on both Windows and Linux, further enriching your knowledge in the world of cybersecurity.
Throughout this lab, you will learn how to identify and exploit buffer overflow vulnerabilities in Linux applications. You will start by manually causing buffer overflows, identifying memory addresses, and understanding the significance of these addresses. Subsequently, you will create Metasploit exploit modules to automate the exploitation process. The lab includes Capture The Flag (CTF) challenges, where you will create and deplou attacks to gain shell access to complete specific objectives. The challenges will require you to jump to existing code, inject your own shellcode, and tackle varying levels of complexity. By the end of this lab, you will have a solid grasp of exploit development and practical experience in exploiting buffer overflow vulnerabilities on Linux systems.
</description>
<lab_sheet_url>https://docs.google.com/document/d/1wgxLYHkdeLknRcbzZY73xZt36TWExuu-lfIJhRuHE-I/edit?usp=sharing</lab_sheet_url>

7
scenarios/labs/software_security_exploitation/6_linux_nx_bypass.xml
View File

@@ -7,7 +7,12 @@
<name>Linux bypassing NX bit with return-to-libc</name>
<author>Thomas Shaw</author>
<description>
Similar to last topic. Same C code, just compiled w/ stack protections and non-executable stack.
# Introduction
In this lab, you will develop your knowledge of memory protections and exploit techniques. The focus is on bypassing the Non-Executable (NX) stack protection, which aims to prevent attackers from running malicious code on the stack. You'll explore the theoretical concept of NX stack protection, understand how it is implemented in Linux, and learn about return-to-libc attacks, a clever exploit technique that allows you to redirect a program's execution to functions within the Standard C Library (libc) without executing any external code.
Throughout this lab, you will learn how to bypass NX stack protection and write return-to-libc exploits. You will find the offset for the Instruction Pointer (EIP), identify the memory addresses of essential functions like execve() and exit() within libc, and construct a fake stack frame to trigger a shell using these functions. As practical tasks, you will write a Metasploit exploit module, analyze memory addresses, and run your exploit to successfully gain control over a vulnerable program.
The CTF challenges are similar to those from the last topic, however the vulnerable software has been compiled with stack protections and non-executable stack, which you will learn to circumvent.
</description>
<lab_sheet_url>https://docs.google.com/document/d/1eUOb1cR-D8qv0NmlGXYUN1JYwmgrwOBNtfsDVdxnPpw/edit?usp=sharing</lab_sheet_url>

5
scenarios/labs/software_security_exploitation/7_linux_aslr_bypass.xml
View File

@@ -7,7 +7,10 @@
<name>Linux ASLR bypass</name>
<author>Thomas Shaw</author>
<description>
Practical challenges to bypass ASLR, PIE and RelRO.
# Introduction
Address Space Layout Randomization (ASLR) is a critical security feature in modern operating systems. ASLR randomizes the memory addresses of various program components, making it challenging for attackers to exploit vulnerabilities. You'll explore challenges designed to help you understand how ASLR works and how to bypass it.
Throughout the lab, you'll learn how to leverage information leaks and brute-force attacks to overcome ASLR, PIE and RelRO. You'll set up your exploit development environment using the Metasploit framework, identify the offsets and addresses of critical functions, and craft exploits to control program execution. Specifically, you will capture an information leak, calculate function offsets, and redirect control flow to a target function. Subsequently, you'll tackle a more complex scenario where there's no information leak, relying on brute-force to bypass ASLR and gain access to a hidden flag. These practical tasks will equip you with valuable skills in vulnerability exploitation and security assessment.
</description>
<lab_sheet_url>https://docs.google.com/document/d/1NVWjD257EN0pv14G6dD44VpSPYlrR6IC2HPihrsGPnY/edit?usp=sharing</lab_sheet_url>

3
scenarios/labs/software_security_exploitation/8_linux_bof_format.xml
View File

@@ -7,7 +7,8 @@
<name>Linux Buffer Overflows and Advanced Format String Attacks</name>
<author>Thomas Shaw</author>
<description>
The practical challenges involve exploiting buffer overflow vulnerabilities and a format string vulnerability.
# Introduction
In this lab, you will face some additional challenges designed to help you develop your understanding of software security and vulnerabilities. You will learn how to perform Format String Attacks, a type of vulnerability that allows attackers to manipulate the memory of a program by exploiting how it handles format specifiers. Additionally, you will further explore Buffer Overflows, a common security issue that arises when programs do not properly manage memory, leading to the overwriting of critical data.
</description>
<lab_sheet_url>https://docs.google.com/document/d/1Ap-h6YSDtfU4bLwiKhxP5x2nf1vjSJ2V2zEL5wzW84U/edit?usp=sharing</lab_sheet_url>

19
scenarios/labs/systems_security/1_authentication.xml
View File

@@ -7,14 +7,21 @@
<name>Authentication lab</name>
<author>Z. Cliffe Schreuders</author>
<description>
# Lecture
[Slides here](http://z.cliffe.schreuders.org/presentations/slides/1718/ADS_slides_out_week_6/WNS_ADS_Lectures_5_Authentication.html)
# Introduction
Authentication is the process of verifying a user's identity, ensuring that individuals are who they claim to be before granting them access to systems and resources. This lab will provide you with hands-on experience, enabling you to explore the intricacies of user accounts and identity on Unix/Linux systems, gain insights into password storage and hashing, and even attempt to crack passwords using dictionary attacks. By the end of this lab, you will have a deeper understanding of how authentication works, the role of password security, and the importance of safeguarding user identities.
# Reading
[Chapter 11 "Authentication": Bishop, M. (2004), Introduction to Computer Security, Addison-Wesley. (ISBN-10: 0321247442)](https://my.leedsbeckett.ac.uk/bbcswebdav/pid-2221598-dt-content-rid-4451698_1/institution/Online%20Learning/AET/CT/MSc%20Computer%20Security/Principles%20of%20Digital%20Security/Readings/Week%205/DCS-85139%20%281%29.pdf)
Throughout this lab, you will learn about user accounts, their attributes, and their association with user and group IDs. You'll also explore the concept of salts in password hashing, understand the strengths and weaknesses of different passwords, and attempt to crack passwords using tools like John the Ripper. Practical tasks include examining the system's /etc/passwd and /etc/group files, changing user identities, and analyzing the /etc/shadow file to understand password storage. By actively engaging in these activities, you will gain a comprehensive understanding of authentication processes and the key factors that contribute to securing user identities in Unix/Linux systems.
# Lab
A Hackerbot lab. Work through the lab instructions, then when prompted interact with Hackerbot.
# Hackerbot and CTF challenges
This is a Hackerbot lab. The labsheet is available once you claim a set of VMs. Work through the labsheet, then when prompted interact with Hackerbot.
The Hackerbot tasks in this lab involve configuring new users and group membership. Then you will attempt to crack the passwords of users on the desktop VM whose user IDs (UIDs) are higher than 1001. After successfully cracking passwords, you will use these credentials to SSH into the separate server VM, where you will discover flags. This task showcases the practical implications of password security and cracking.
# Lecture
[Slides here](http://z.cliffe.schreuders.org/presentations/slides/1718/ADS_slides_out_week_6/WNS_ADS_Lectures_5_Authentication.html)
# Reading
[Chapter 11 "Authentication": Bishop, M. (2004), Introduction to Computer Security, Addison-Wesley. (ISBN-10: 0321247442)](https://my.leedsbeckett.ac.uk/bbcswebdav/pid-2221598-dt-content-rid-4451698_1/institution/Online%20Learning/AET/CT/MSc%20Computer%20Security/Principles%20of%20Digital%20Security/Readings/Week%205/DCS-85139%20%281%29.pdf)
</description>
<type>ctf-lab</type>

22
scenarios/labs/systems_security/2_pam.xml
View File

@@ -7,14 +7,24 @@
<name>Pluggable Authentication Modules lab</name>
<author>Z. Cliffe Schreuders</author>
<description>
# Lecture
[Slides continued here](http://z.cliffe.schreuders.org/presentations/slides/1718/ADS_slides_out_week_6/WNS_ADS_Lectures_5_Authentication.html)
# Introduction
In this lab, you will explore Pluggable Authentication Modules (PAM) and Secure Shell (SSH) to enhance your understanding of authentication and security in Linux and Unix-like systems. PAM is a component that allows for the flexibility and extensibility of authentication methods, making it possible for various programs to leverage different authentication schemes, providing a standardized way to configure and manage authentication rules.
# Reading
[Chapter 4 "Users, Passwords, and Authentication": Garfinkel, S. Spafford, G. and Schwartz, A. (2003), Practical Unix and Internet Security, O'Reilly. (ISBN-10: 0596003234)](https://www-dawsonera-com.ezproxy.leedsbeckett.ac.uk/abstract/9781449310325)
Throughout the lab, you will gain hands-on experience with PAM by examining available PAM modules, understanding the structure of PAM configuration files, and making modifications to enforce policies including: password complexity requirements, time constraints, lockout policies after repeated login failures, creating home directories, enforcing session limits through cron jobs. You will also explore SSH password-less authentication, a powerful method of securely accessing remote systems without the need for traditional passwords. By generating SSH key pairs and configuring authorized keys, you will learn how to enhance the security and convenience of remote access.
By the end of this lab, you will have a solid grasp of PAM's role in authentication, the benefits of SSH key-based authentication, and the practical skills to enhance the security and usability of authentication mechanisms in Linux systems.
# Hackerbot and CTF challenges
This is a Hackerbot lab. The labsheet is available once you claim a set of VMs. Work through the labsheet, then when prompted interact with Hackerbot.
The Hackerbot tasks involve configuring password policies, testing your ability to use PAM to enhance authentication security.
# Lecture
[Slides continued here](http://z.cliffe.schreuders.org/presentations/slides/1718/ADS_slides_out_week_6/WNS_ADS_Lectures_5_Authentication.html)
# Reading
[Chapter 4 "Users, Passwords, and Authentication": Garfinkel, S. Spafford, G. and Schwartz, A. (2003), Practical Unix and Internet Security, O'Reilly. (ISBN-10: 0596003234)](https://www-dawsonera-com.ezproxy.leedsbeckett.ac.uk/abstract/9781449310325)
# Lab
A short lab this week, exploring PAM. Work through the labsheet, then when prompted interact with Hackerbot.
</description>
<type>ctf-lab</type>

19
scenarios/labs/systems_security/4_access_controls.xml
View File

@@ -7,14 +7,21 @@
<name>Access Controls lab</name>
<author>Z. Cliffe Schreuders</author>
<description>
# Lecture
[Slides here](http://z.cliffe.schreuders.org/presentations/slides/1718/ADS_slides_out_week_7/ADS_PDS_Lectures_7_Access_Control.html)
# Introduction
Access control involves authorizing and mediating access to resources, determining what actions are permitted, and enforcing security policies. In this lab, you will delve into access control and Unix file permissions, gaining a practical understanding of how they work and their significance in maintaining system security. The lab will introduce you to subjects and objects in the context of access control, different access control models, and Unix file permissions.
# Reading
[Chapter 1 "Foundations of Security and Access Control in Computing": Benantar, M. (2006), Access Control Systems: Security, Identity Management and Trust Models, Springer. (ISBN-10: 0387004459)](https://www-dawsonera-com.ezproxy.leedsbeckett.ac.uk/readonline/9780387277165)
Throughout this lab, you will learn how to view and manipulate file permissions in a Unix-like operating system. You will explore the concept of inodes, examine file permissions using the ls command, create and manage hard and symbolic links to files, and understand how directory-level permissions affect file access. Additionally, you will work with the chmod command to change file permissions and discover the significance of the umask command in setting default permissions for new files. By the end of this lab, you will have an understanding of access control, file permissions, and practical skills in managing access rights on a Linux system.
# Lab
A Hackerbot lab. Work through the labsheet, then when prompted interact with Hackerbot.
# Hackerbot and CTF challenges
This is a Hackerbot lab. The labsheet is available once you claim a set of VMs. Work through the labsheet, then when prompted interact with Hackerbot.
The Hackerbot tasks are designed to provide hands-on experience in managing user access, group permissions, and file ownership, and will enhance your understanding of access control mechanisms. You will create files with specific permissions, ownership, and group assignments while ensuring that other users are appropriately restricted from accessing these files.
# Lecture
[Slides here](http://z.cliffe.schreuders.org/presentations/slides/1718/ADS_slides_out_week_7/ADS_PDS_Lectures_7_Access_Control.html)
# Reading
[Chapter 1 "Foundations of Security and Access Control in Computing": Benantar, M. (2006), Access Control Systems: Security, Identity Management and Trust Models, Springer. (ISBN-10: 0387004459)](https://www-dawsonera-com.ezproxy.leedsbeckett.ac.uk/readonline/9780387277165)
</description>
<type>ctf-lab</type>

19
scenarios/labs/systems_security/5_suid.xml
View File

@@ -7,14 +7,21 @@
<name>Set User ID lab</name>
<author>Z. Cliffe Schreuders</author>
<description>
# Lecture
[Slides continued here](http://z.cliffe.schreuders.org/presentations/slides/1718/ADS_slides_out_week_7/ADS_PDS_Lectures_7_Access_Control.html)
# Introduction
Special file permissions, such as Set UID (SUID) and Set GID (SGID) play a crucial role in Unix-based operating systems by enabling certain processes to run with elevated privileges. Understanding SUID and SGID provides insights into access controls and how Unix systems handle privilege escalation while maintaining control over who can execute specific operations. This lab will empower you with practical knowledge on the use and implications of SUID and SGID.
# Reading
[Chapter 6 "Filesystems and Security": Garfinkel, S. Spafford, G. and Schwartz, A. (2003), Practical Unix and Internet Security, O'Reilly. (ISBN-10: 0596003234)](https://www-dawsonera-com.ezproxy.leedsbeckett.ac.uk/abstract/9781449310325)
Throughout this lab, you will learn about the concepts of Real UID (RUID) and Effective UID (EUID), explore SUID and SGID permissions in detail, and analyze their significance in managing system security. You will inspect processes to identify cases where RUID and EUID differ, discover SUID and SGID programs on your system, and understand why they require these special permissions. Additionally, you will compile a SUID C program, assess its security implications, and modify it to rectify vulnerabilities. By the end of this lab, you will have a comprehensive understanding of SUID and SGID, their importance in Unix system security, and practical experience in working with SUID programs.
# Lab
A Hackerbot lab. Work through the labsheet, then when prompted interact with Hackerbot.
# Hackerbot and CTF challenges
This is a Hackerbot lab. The labsheet is available once you claim a set of VMs. Work through the labsheet, then when prompted interact with Hackerbot.
In the Hackerbot tasks, you'll use SUID to mediate access to a file (accessible exclusively by a specific user through a SUID executable). There are also some problem-based challenges involving hardlinks, relative paths, and combining shell programs with SGID and SUID permissions.
# Lecture
[Slides continued here](http://z.cliffe.schreuders.org/presentations/slides/1718/ADS_slides_out_week_7/ADS_PDS_Lectures_7_Access_Control.html)
# Reading
[Chapter 6 "Filesystems and Security": Garfinkel, S. Spafford, G. and Schwartz, A. (2003), Practical Unix and Internet Security, O'Reilly. (ISBN-10: 0596003234)](https://www-dawsonera-com.ezproxy.leedsbeckett.ac.uk/abstract/9781449310325)
</description>
<type>ctf-lab</type>

18
scenarios/labs/systems_security/6_facls.xml
View File

@@ -7,15 +7,21 @@
<name>Access Control Lists (ACLs) lab</name>
<author>Z. Cliffe Schreuders</author>
<description>
# Lecture
[Slides continued here](http://z.cliffe.schreuders.org/presentations/slides/1718/ADS_slides_out_week_7/ADS_PDS_Lectures_7_Access_Control.html)
# Introduction
Access Control Lists (ACLs) are sets of rules attached to resources, specifying which subjects (users or entities) are authorized to access the resource and the type of permissions granted to each subject. ACLs allow for a granular and flexible approach to managing who can access a file, what kind of access they have, and how these permissions are inherited and checked.
# Reading
[Grunbacher, Andreas. "POSIX Access Control Lists on Linux." *USENIX Annual Technical Conference*, FREENIX Track. 2003.](https://www.usenix.org/legacy/events/usenix03/tech/freenix03/full_papers/gruenbacher/gruenbacher.pdf)
You will learn about the fundamental concepts of Full ACLs, their syntax and usage on Linux systems, and how they differ from traditional Unix file permissions. Through hands-on tasks, you will set ACLs on files, manipulate permissions for specific users, explore the mask entry's role in determining maximum permissions, and understand the behavior of access checks in ACLs. Additionally, you will discover the concept of default ACLs and their impact on newly created files within a directory. By comparing Linux ACLs to Windows ACLs, you'll gain insights into the unique features and nuances of each system, such as inheritance logic and the use of global security identifiers. This lab will equip you with practical skills and knowledge to manage access control effectively in a diverse range of computing environments.
# Lab
A Hackerbot lab. Work through the labsheet, then when prompted interact with Hackerbot.
# Hackerbot and CTF challenges
This is a Hackerbot lab. The labsheet is available once you claim a set of VMs. Work through the labsheet, then when prompted interact with Hackerbot.
The Hackerbot tasks involve creating and managing files and directories using Linux ACLs to control access, allowing specific users to read and write while denying access to others. There is also a file permissions challenge on a server where you take what you've learned over the last few topics to find and exploit a permissions weakness.
# Lecture
[Slides continued here](http://z.cliffe.schreuders.org/presentations/slides/1718/ADS_slides_out_week_7/ADS_PDS_Lectures_7_Access_Control.html)
# Reading
[Grunbacher, Andreas. "POSIX Access Control Lists on Linux." *USENIX Annual Technical Conference*, FREENIX Track. 2003.](https://www.usenix.org/legacy/events/usenix03/tech/freenix03/full_papers/gruenbacher/gruenbacher.pdf)
</description>
<type>ctf-lab</type>

20
scenarios/labs/systems_security/7_containers.xml
View File

@@ -7,14 +7,22 @@
<name>Containers lab</name>
<author>Z. Cliffe Schreuders</author>
<description>
# Lecture
[Slides here](http://z.cliffe.schreuders.org/presentations/slides/slides_out_sandboxing/ADS_PDS_Lectures_8_Sandboxes_and_Virtualisation.html)
# Introduction
Sandboxing involves restricting the capabilities of individual programs or groups of programs, minimizing the potential damage a rogue program can inflict on a system. This lab focuses on container-based sandboxes and the use of chroot. You will learn how to create a chroot environment, effectively isolating a set of programs within a directory, and run commands inside this sandbox. Furthermore, the lab introduces you to Docker, a popular tool that builds upon the principles of chroot and adds features to automate the creation and deployment of containerized operating systems and applications. You will explore the concept of Docker images as reusable base environments and containers as instances of these images. You will create and manage containers, observe the speed and efficiency of containerization compared to traditional chroot, and analyze the level of isolation Docker provides. This lab equips you with practical knowledge of sandboxing and isolation.
# Reading
[Z. C. Schreuders, T. McGill, and C. Payne, "The State of the Art of Application Restrictions and Sandboxes: A Survey of Application-oriented Access Controls and their Shortfalls," Computers and Security, Volume 32, Elsevier B.V., 2013. DOI: 10.1016/j.cose.2012.09.007](http://z.cliffe.schreuders.org/publications/Computers&amp;Security%20-%20The%20State%20of%20the%20Art%20of%20Application%20Restrictions%20and%20Sandboxes%20-%20Author%20Version.pdf)
# Hackerbot and CTF challenges
This is a Hackerbot lab. The labsheet is available once you claim a set of VMs. Work through the labsheet, then when prompted interact with Hackerbot.
# Lab
A Hackerbot lab. Work through the labsheet, then when prompted interact with Hackerbot.
You need to find a way into then escape to root a docker container and a chroot container. The flags are stored in /root/ on the two VMs but you first need to find your way in (try a port scan and try connecting to open ports), and then escape confinement.
# Lecture
[Slides here](http://z.cliffe.schreuders.org/presentations/slides/slides_out_sandboxing/ADS_PDS_Lectures_8_Sandboxes_and_Virtualisation.html)
# Reading
[Z. C. Schreuders, T. McGill, and C. Payne, "The State of the Art of Application Restrictions and Sandboxes: A Survey of Application-oriented Access Controls and their Shortfalls," Computers and Security, Volume 32, Elsevier B.V., 2013. DOI: 10.1016/j.cose.2012.09.007](http://z.cliffe.schreuders.org/publications/Computers&amp;Security%20-%20The%20State%20of%20the%20Art%20of%20Application%20Restrictions%20and%20Sandboxes%20-%20Author%20Version.pdf)
# Lab
This is a Hackerbot lab. The labsheet is available once you claim a set of VMs. Work through the labsheet, then when prompted interact with Hackerbot.
</description>
<type>ctf-lab</type>

23
scenarios/labs/systems_security/8_apparmor.xml
View File

@@ -7,18 +7,25 @@
<name>AppArmor lab</name>
<author>Z. Cliffe Schreuders</author>
<description>
# Lecture
[Slides continued here](http://z.cliffe.schreuders.org/presentations/slides/slides_out_sandboxing/ADS_PDS_Lectures_8_Sandboxes_and_Virtualisation.html)
# Introduction
Mandatory Access Controls (MAC) encompass mechanisms such as Capabilities and AppArmor, which provide system-wide access controls to manage and enforce permissions for processes and applications, mitigating security risks and enhancing overall system security. In this lab, you will explore two aspects of system-wide access controls in Linux security: Capabilities and AppArmor.
# Lectures for the next two weeks
[Secure software development](https://leedsbeckettreplay.cloud.panopto.eu/Panopto/Pages/Viewer.aspx?id=31ee4531-1834-4028-8829-aa1d00a73a7e)
First, you will delve into the concept of Capabilities, a coarse-grained approach to control privileges in Linux. You will learn how capabilities can be used to grant specific permissions to programs without having them run as the all-powerful root user. You will also explore AppArmor, a rule-based, fine-grained access control system for Linux. You will examine how AppArmor profiles are used to specify the resources and permissions that a program can access, effectively creating a whitelist of allowed actions. You will create rules and experience the learning mode of AppArmor, which helps construct rules based on actual program behavior and understand the advantages and disadvantages of a blacklist (deny) versus a whitelist (ignore) approach to writing AppArmor rules. By the end of this lab, you will have a deep understanding of how capabilities and AppArmor can enhance the security of your Linux system by controlling what programs can do and which resources they can access.
[Secure design principles](https://leedsbeckettreplay.cloud.panopto.eu/Panopto/Pages/Viewer.aspx?id=6f409b1c-2daa-4798-8bc7-aa2400952d29)
# Hackerbot and CTF challenges
This is a Hackerbot lab. The labsheet is available once you claim a set of VMs. Work through the labsheet, then when prompted interact with Hackerbot.
[Slides](http://z.cliffe.schreuders.org/presentations/slides/slides_secure_design/ADS_PDS_Lectures_3_Secure_Software_Development_and_Bug_Hunting.html)
Hackerbot will challenge you to use AppArmor to provide a shell to attackers, with only limitted access to specific resources.
# Lab
A Hackerbot lab. Work through the labsheet, then when prompted interact with Hackerbot.
# Lecture
[Slides continued here](http://z.cliffe.schreuders.org/presentations/slides/slides_out_sandboxing/ADS_PDS_Lectures_8_Sandboxes_and_Virtualisation.html)
# Lectures for the next two weeks
[Secure software development](https://leedsbeckettreplay.cloud.panopto.eu/Panopto/Pages/Viewer.aspx?id=31ee4531-1834-4028-8829-aa1d00a73a7e)
[Secure design principles](https://leedsbeckettreplay.cloud.panopto.eu/Panopto/Pages/Viewer.aspx?id=6f409b1c-2daa-4798-8bc7-aa2400952d29)
[Slides](http://z.cliffe.schreuders.org/presentations/slides/slides_secure_design/ADS_PDS_Lectures_3_Secure_Software_Development_and_Bug_Hunting.html)
</description>
<type>ctf-lab</type>
<type>hackerbot-lab</type>