mirror of
https://github.com/cliffe/SecGen.git
synced 2026-02-20 13:50:45 +00:00
CyBOK updates
@@ -2,7 +2,7 @@
The Cyber Security Body of Knowledge (CyBOK) is a body of knowledge that aims to encapsulate the various knowledge areas present within cyber security. Scenarios within SecGen now contain XML elements linking them to CyBOK knowledge areas and specific topics within those knowledge areas. Additionally, video lectures for scenarios are tagged with CyBOK associations.
This file is an autogenerated index and cross referencing of the 39 SecGen CTF scenarios that have CyBOK metadata.
This file is an autogenerated index and cross referencing of the 40 SecGen CTF scenarios that have CyBOK metadata.
You can browse the list below in terms of the [CyBOK Knowledge Areas, and Topics](#scenarios-indexed-by-cybok-knowledge-area-ka). The [list of scenarios](#scenario-cybok-keywords) in the second half of this document includes keywords (also known as "indicative topics" in CyBOK terminology).
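Review bot: the scenario count in the intro goes from 39 to 40, which matches the one new section added in this diff (agent001.xml). The file describes itself as an autogenerated index, so make sure this came from rerunning the generator rather than from a hand edit, or the next regeneration will silently drop any manual changes made here.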
@@ -14,7 +14,7 @@ You can browse the list below in terms of the [CyBOK Knowledge Areas, and Topics
[Authentication, Authorisation & Accountability (AAA)](#authentication,-authorisation--accountability-aaa)</br>
[Operating Systems & Virtualisation (OSV)](#operating-systems--virtualisation-osv)</br>
[Cryptography (C)](#cryptography-c)</br>
[Applied Cryptography (AC)](#applied-cryptography-ac)</br>
[Malware & Attack Technology (MAT)](#malware--attack-technology-mat)</br>
[Software Security (SS)](#software-security-ss)</br>
[Security Operations & Incident Management (SOIM)](#security-operations--incident-management-soim)</br>
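Review bot: the contents entry `[Cryptography (C)](#cryptography-c)` becomes `[Applied Cryptography (AC)](#applied-cryptography-ac)`, yet the topic names that sit under it are unchanged everywhere else in the diff (still `Symmetric Cryptography` and `Public-Key Cryptography` in the `@@ -47` hunk and in every per-scenario table). Check that those topic names are the ones CyBOK lists under the Applied Cryptography KA in the version being targeted, and that the retagging was done in the scenario XML files rather than in this index, which is regenerated from them.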
@@ -47,12 +47,12 @@ Authentication | [encoding_challenges.xml](#encoding_challengesxml)</br>[feeling
Primitives for Isolation and Mediation | [access_can_roll.xml](#access_can_rollxml)</br>[administration_woes.xml](#administration_woesxml)</br>[all_moin.xml](#all_moinxml)</br>[brief_case.xml](#brief_casexml)</br>[container_escape.xml](#container_escapexml)</br>[disastrous_development.xml](#disastrous_developmentxml)</br>[erlang_explosion.xml](#erlang_explosionxml)</br>[eventful_data.xml](#eventful_dataxml)</br>[eyearesee.xml](#eyeareseexml)</br>[feeling_blu.xml](#feeling_bluxml)</br>[ff_leaked.xml](#ff_leakedxml)</br>[nosferatu.xml](#nosferatuxml)</br>[performance_peril.xml](#performance_perilxml)</br>[putting_it_together.xml](#putting_it_togetherxml)</br>[rooting_for_a_win_user.xml](#rooting_for_a_win_userxml)</br>[such_a_git.xml](#such_a_gitxml)</br>[time_to_patch.xml](#time_to_patchxml)</br>
Role of Operating Systems | [container_escape.xml](#container_escapexml)</br>
## Cryptography (C)
## Applied Cryptography (AC)
### C Scenarios
### AC Scenarios
[access_can_roll.xml](#access_can_rollxml)</br>[analyse_this.xml](#analyse_thisxml)</br>[encoding_challenges.xml](#encoding_challengesxml)</br>[feeling_blu.xml](#feeling_bluxml)</br>[ff_decode_me.xml](#ff_decode_mexml)</br>[ff_hackme_corp.xml](#ff_hackme_corpxml)</br>[ff_in_the_wild.xml](#ff_in_the_wildxml)</br>[flawed_fortress.xml](#flawed_fortressxml)</br>[nw_cyber_games.xml](#nw_cyber_gamesxml)</br>[performance_peril.xml](#performance_perilxml)</br>[post_it.xml](#post_itxml)</br>[rooting_for_a_win.xml](#rooting_for_a_winxml)</br>[time_to_patch.xml](#time_to_patchxml)</br>
### C Scenarios by Topics
### AC Scenarios by Topics
| Topic | Scenario |
| --- | --- |
Public-Key Cryptography | [access_can_roll.xml](#access_can_rollxml)</br>[encoding_challenges.xml](#encoding_challengesxml)</br>
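Review bot: the list under the renamed `### AC Scenarios` heading is the old C list unchanged, so all thirteen Cryptography-tagged scenarios move to Applied Cryptography wholesale. If any of them should remain under the Cryptography KA (for instance ones tagged only with `public-key signatures`), that split has to be made in the scenario metadata before regenerating; as it stands the `Cryptography (C)` section disappears from the index entirely.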
@@ -62,12 +62,12 @@ Symmetric Cryptography | [analyse_this.xml](#analyse_thisxml)</br>[encoding_chal
### MAT Scenarios
[administration_woes.xml](#administration_woesxml)</br>[agent_zero.xml](#agent_zeroxml)</br>[all_moin.xml](#all_moinxml)</br>[catching_sparks.xml](#catching_sparksxml)</br>[container_escape.xml](#container_escapexml)</br>[disastrous_development.xml](#disastrous_developmentxml)</br>[erlang_explosion.xml](#erlang_explosionxml)</br>[eventful_data.xml](#eventful_dataxml)</br>[expert_reversing.xml](#expert_reversingxml)</br>[eyearesee.xml](#eyeareseexml)</br>[feeling_blu.xml](#feeling_bluxml)</br>[ff_hackme_corp.xml](#ff_hackme_corpxml)</br>[ff_in_the_wild.xml](#ff_in_the_wildxml)</br>[ff_leaked.xml](#ff_leakedxml)</br>[ff_that_escalated_quickly.xml](#ff_that_escalated_quicklyxml)</br>[flawed_fortress.xml](#flawed_fortressxml)</br>[hackme_crackme.xml](#hackme_crackmexml)</br>[immersing_reversing.xml](#immersing_reversingxml)</br>[manage_this.xml](#manage_thisxml)</br>[nosferatu.xml](#nosferatuxml)</br>[performance_peril.xml](#performance_perilxml)</br>[post_it.xml](#post_itxml)</br>[ptsd.xml](#ptsdxml)</br>[putting_it_together.xml](#putting_it_togetherxml)</br>[rehearsing_reversing.xml](#rehearsing_reversingxml)</br>[rooting_for_a_win.xml](#rooting_for_a_winxml)</br>[rooting_for_a_win_user.xml](#rooting_for_a_win_userxml)</br>[smash_crack_grab_run.xml](#smash_crack_grab_runxml)</br>[such_a_git.xml](#such_a_gitxml)</br>[time_to_patch.xml](#time_to_patchxml)</br>
[administration_woes.xml](#administration_woesxml)</br>[agent001.xml](#agent001xml)</br>[agent_zero.xml](#agent_zeroxml)</br>[all_moin.xml](#all_moinxml)</br>[catching_sparks.xml](#catching_sparksxml)</br>[container_escape.xml](#container_escapexml)</br>[disastrous_development.xml](#disastrous_developmentxml)</br>[erlang_explosion.xml](#erlang_explosionxml)</br>[eventful_data.xml](#eventful_dataxml)</br>[expert_reversing.xml](#expert_reversingxml)</br>[eyearesee.xml](#eyeareseexml)</br>[feeling_blu.xml](#feeling_bluxml)</br>[ff_hackme_corp.xml](#ff_hackme_corpxml)</br>[ff_in_the_wild.xml](#ff_in_the_wildxml)</br>[ff_leaked.xml](#ff_leakedxml)</br>[ff_that_escalated_quickly.xml](#ff_that_escalated_quicklyxml)</br>[flawed_fortress.xml](#flawed_fortressxml)</br>[hackme_crackme.xml](#hackme_crackmexml)</br>[immersing_reversing.xml](#immersing_reversingxml)</br>[manage_this.xml](#manage_thisxml)</br>[nosferatu.xml](#nosferatuxml)</br>[performance_peril.xml](#performance_perilxml)</br>[post_it.xml](#post_itxml)</br>[ptsd.xml](#ptsdxml)</br>[putting_it_together.xml](#putting_it_togetherxml)</br>[rehearsing_reversing.xml](#rehearsing_reversingxml)</br>[rooting_for_a_win.xml](#rooting_for_a_winxml)</br>[rooting_for_a_win_user.xml](#rooting_for_a_win_userxml)</br>[smash_crack_grab_run.xml](#smash_crack_grab_runxml)</br>[such_a_git.xml](#such_a_gitxml)</br>[time_to_patch.xml](#time_to_patchxml)</br>
### MAT Scenarios by Topics
| Topic | Scenario |
| --- | --- |
Attacks and exploitation | [administration_woes.xml](#administration_woesxml)</br>[agent_zero.xml](#agent_zeroxml)</br>[all_moin.xml](#all_moinxml)</br>[catching_sparks.xml](#catching_sparksxml)</br>[container_escape.xml](#container_escapexml)</br>[disastrous_development.xml](#disastrous_developmentxml)</br>[erlang_explosion.xml](#erlang_explosionxml)</br>[eventful_data.xml](#eventful_dataxml)</br>[eyearesee.xml](#eyeareseexml)</br>[feeling_blu.xml](#feeling_bluxml)</br>[ff_hackme_corp.xml](#ff_hackme_corpxml)</br>[ff_in_the_wild.xml](#ff_in_the_wildxml)</br>[ff_leaked.xml](#ff_leakedxml)</br>[ff_that_escalated_quickly.xml](#ff_that_escalated_quicklyxml)</br>[flawed_fortress.xml](#flawed_fortressxml)</br>[hackme_crackme.xml](#hackme_crackmexml)</br>[manage_this.xml](#manage_thisxml)</br>[nosferatu.xml](#nosferatuxml)</br>[performance_peril.xml](#performance_perilxml)</br>[post_it.xml](#post_itxml)</br>[ptsd.xml](#ptsdxml)</br>[putting_it_together.xml](#putting_it_togetherxml)</br>[rooting_for_a_win.xml](#rooting_for_a_winxml)</br>[rooting_for_a_win_user.xml](#rooting_for_a_win_userxml)</br>[smash_crack_grab_run.xml](#smash_crack_grab_runxml)</br>[such_a_git.xml](#such_a_gitxml)</br>[time_to_patch.xml](#time_to_patchxml)</br>
Malicious Activities by Malware | [agent_zero.xml](#agent_zeroxml)</br>[all_moin.xml](#all_moinxml)</br>[catching_sparks.xml](#catching_sparksxml)</br>[eyearesee.xml](#eyeareseexml)</br>[feeling_blu.xml](#feeling_bluxml)</br>[ff_hackme_corp.xml](#ff_hackme_corpxml)</br>[ff_leaked.xml](#ff_leakedxml)</br>[ff_that_escalated_quickly.xml](#ff_that_escalated_quicklyxml)</br>[flawed_fortress.xml](#flawed_fortressxml)</br>[hackme_crackme.xml](#hackme_crackmexml)</br>[nosferatu.xml](#nosferatuxml)</br>[performance_peril.xml](#performance_perilxml)</br>[post_it.xml](#post_itxml)</br>[ptsd.xml](#ptsdxml)</br>[putting_it_together.xml](#putting_it_togetherxml)</br>[rooting_for_a_win_user.xml](#rooting_for_a_win_userxml)</br>[smash_crack_grab_run.xml](#smash_crack_grab_runxml)</br>[such_a_git.xml](#such_a_gitxml)</br>[time_to_patch.xml](#time_to_patchxml)</br>
Attacks and exploitation | [administration_woes.xml](#administration_woesxml)</br>[agent001.xml](#agent001xml)</br>[agent_zero.xml](#agent_zeroxml)</br>[all_moin.xml](#all_moinxml)</br>[catching_sparks.xml](#catching_sparksxml)</br>[container_escape.xml](#container_escapexml)</br>[disastrous_development.xml](#disastrous_developmentxml)</br>[erlang_explosion.xml](#erlang_explosionxml)</br>[eventful_data.xml](#eventful_dataxml)</br>[eyearesee.xml](#eyeareseexml)</br>[feeling_blu.xml](#feeling_bluxml)</br>[ff_hackme_corp.xml](#ff_hackme_corpxml)</br>[ff_in_the_wild.xml](#ff_in_the_wildxml)</br>[ff_leaked.xml](#ff_leakedxml)</br>[ff_that_escalated_quickly.xml](#ff_that_escalated_quicklyxml)</br>[flawed_fortress.xml](#flawed_fortressxml)</br>[hackme_crackme.xml](#hackme_crackmexml)</br>[manage_this.xml](#manage_thisxml)</br>[nosferatu.xml](#nosferatuxml)</br>[performance_peril.xml](#performance_perilxml)</br>[post_it.xml](#post_itxml)</br>[ptsd.xml](#ptsdxml)</br>[putting_it_together.xml](#putting_it_togetherxml)</br>[rooting_for_a_win.xml](#rooting_for_a_winxml)</br>[rooting_for_a_win_user.xml](#rooting_for_a_win_userxml)</br>[smash_crack_grab_run.xml](#smash_crack_grab_runxml)</br>[such_a_git.xml](#such_a_gitxml)</br>[time_to_patch.xml](#time_to_patchxml)</br>
Malicious Activities by Malware | [agent001.xml](#agent001xml)</br>[agent_zero.xml](#agent_zeroxml)</br>[all_moin.xml](#all_moinxml)</br>[catching_sparks.xml](#catching_sparksxml)</br>[eyearesee.xml](#eyeareseexml)</br>[feeling_blu.xml](#feeling_bluxml)</br>[ff_hackme_corp.xml](#ff_hackme_corpxml)</br>[ff_leaked.xml](#ff_leakedxml)</br>[ff_that_escalated_quickly.xml](#ff_that_escalated_quicklyxml)</br>[flawed_fortress.xml](#flawed_fortressxml)</br>[hackme_crackme.xml](#hackme_crackmexml)</br>[nosferatu.xml](#nosferatuxml)</br>[performance_peril.xml](#performance_perilxml)</br>[post_it.xml](#post_itxml)</br>[ptsd.xml](#ptsdxml)</br>[putting_it_together.xml](#putting_it_togetherxml)</br>[rooting_for_a_win_user.xml](#rooting_for_a_win_userxml)</br>[smash_crack_grab_run.xml](#smash_crack_grab_runxml)</br>[such_a_git.xml](#such_a_gitxml)</br>[time_to_patch.xml](#time_to_patchxml)</br>
Malware Analysis | [expert_reversing.xml](#expert_reversingxml)</br>[immersing_reversing.xml](#immersing_reversingxml)</br>[rehearsing_reversing.xml](#rehearsing_reversingxml)</br>
## Software Security (SS)
@@ -84,11 +84,11 @@ Categories of Vulnerabilities | [administration_woes.xml](#administration_woesxm
### SOIM Scenarios
[administration_woes.xml](#administration_woesxml)</br>[agent_zero.xml](#agent_zeroxml)</br>[all_moin.xml](#all_moinxml)</br>[analyse_this.xml](#analyse_thisxml)</br>[banner_grab_and_run.xml](#banner_grab_and_runxml)</br>[catching_sparks.xml](#catching_sparksxml)</br>[container_escape.xml](#container_escapexml)</br>[disastrous_development.xml](#disastrous_developmentxml)</br>[erlang_explosion.xml](#erlang_explosionxml)</br>[eventful_data.xml](#eventful_dataxml)</br>[eyearesee.xml](#eyeareseexml)</br>[feeling_blu.xml](#feeling_bluxml)</br>[ff_hackme_corp.xml](#ff_hackme_corpxml)</br>[ff_in_the_wild.xml](#ff_in_the_wildxml)</br>[ff_leaked.xml](#ff_leakedxml)</br>[ff_that_escalated_quickly.xml](#ff_that_escalated_quicklyxml)</br>[flawed_fortress.xml](#flawed_fortressxml)</br>[hackme_crackme.xml](#hackme_crackmexml)</br>[manage_this.xml](#manage_thisxml)</br>[nosferatu.xml](#nosferatuxml)</br>[performance_peril.xml](#performance_perilxml)</br>[post_it.xml](#post_itxml)</br>[ptsd.xml](#ptsdxml)</br>[putting_it_together.xml](#putting_it_togetherxml)</br>[rand_webapp.xml](#rand_webappxml)</br>[rand_webapp_adv.xml](#rand_webapp_advxml)</br>[rooting_for_a_win.xml](#rooting_for_a_winxml)</br>[rooting_for_a_win_user.xml](#rooting_for_a_win_userxml)</br>[smash_crack_grab_run.xml](#smash_crack_grab_runxml)</br>[such_a_git.xml](#such_a_gitxml)</br>[time_to_patch.xml](#time_to_patchxml)</br>
[administration_woes.xml](#administration_woesxml)</br>[agent001.xml](#agent001xml)</br>[agent_zero.xml](#agent_zeroxml)</br>[all_moin.xml](#all_moinxml)</br>[analyse_this.xml](#analyse_thisxml)</br>[banner_grab_and_run.xml](#banner_grab_and_runxml)</br>[catching_sparks.xml](#catching_sparksxml)</br>[container_escape.xml](#container_escapexml)</br>[disastrous_development.xml](#disastrous_developmentxml)</br>[erlang_explosion.xml](#erlang_explosionxml)</br>[eventful_data.xml](#eventful_dataxml)</br>[eyearesee.xml](#eyeareseexml)</br>[feeling_blu.xml](#feeling_bluxml)</br>[ff_hackme_corp.xml](#ff_hackme_corpxml)</br>[ff_in_the_wild.xml](#ff_in_the_wildxml)</br>[ff_leaked.xml](#ff_leakedxml)</br>[ff_that_escalated_quickly.xml](#ff_that_escalated_quicklyxml)</br>[flawed_fortress.xml](#flawed_fortressxml)</br>[hackme_crackme.xml](#hackme_crackmexml)</br>[manage_this.xml](#manage_thisxml)</br>[nosferatu.xml](#nosferatuxml)</br>[performance_peril.xml](#performance_perilxml)</br>[post_it.xml](#post_itxml)</br>[ptsd.xml](#ptsdxml)</br>[putting_it_together.xml](#putting_it_togetherxml)</br>[rand_webapp.xml](#rand_webappxml)</br>[rand_webapp_adv.xml](#rand_webapp_advxml)</br>[rooting_for_a_win.xml](#rooting_for_a_winxml)</br>[rooting_for_a_win_user.xml](#rooting_for_a_win_userxml)</br>[smash_crack_grab_run.xml](#smash_crack_grab_runxml)</br>[such_a_git.xml](#such_a_gitxml)</br>[time_to_patch.xml](#time_to_patchxml)</br>
### SOIM Scenarios by Topics
| Topic | Scenario |
| --- | --- |
PENETRATION TESTING | [administration_woes.xml](#administration_woesxml)</br>[agent_zero.xml](#agent_zeroxml)</br>[all_moin.xml](#all_moinxml)</br>[banner_grab_and_run.xml](#banner_grab_and_runxml)</br>[catching_sparks.xml](#catching_sparksxml)</br>[container_escape.xml](#container_escapexml)</br>[disastrous_development.xml](#disastrous_developmentxml)</br>[erlang_explosion.xml](#erlang_explosionxml)</br>[eventful_data.xml](#eventful_dataxml)</br>[eyearesee.xml](#eyeareseexml)</br>[feeling_blu.xml](#feeling_bluxml)</br>[ff_hackme_corp.xml](#ff_hackme_corpxml)</br>[ff_in_the_wild.xml](#ff_in_the_wildxml)</br>[ff_leaked.xml](#ff_leakedxml)</br>[ff_that_escalated_quickly.xml](#ff_that_escalated_quicklyxml)</br>[flawed_fortress.xml](#flawed_fortressxml)</br>[hackme_crackme.xml](#hackme_crackmexml)</br>[manage_this.xml](#manage_thisxml)</br>[nosferatu.xml](#nosferatuxml)</br>[performance_peril.xml](#performance_perilxml)</br>[post_it.xml](#post_itxml)</br>[ptsd.xml](#ptsdxml)</br>[putting_it_together.xml](#putting_it_togetherxml)</br>[rand_webapp.xml](#rand_webappxml)</br>[rand_webapp_adv.xml](#rand_webapp_advxml)</br>[rooting_for_a_win.xml](#rooting_for_a_winxml)</br>[rooting_for_a_win_user.xml](#rooting_for_a_win_userxml)</br>[smash_crack_grab_run.xml](#smash_crack_grab_runxml)</br>[such_a_git.xml](#such_a_gitxml)</br>[time_to_patch.xml](#time_to_patchxml)</br>
PENETRATION TESTING | [administration_woes.xml](#administration_woesxml)</br>[agent001.xml](#agent001xml)</br>[agent_zero.xml](#agent_zeroxml)</br>[all_moin.xml](#all_moinxml)</br>[banner_grab_and_run.xml](#banner_grab_and_runxml)</br>[catching_sparks.xml](#catching_sparksxml)</br>[container_escape.xml](#container_escapexml)</br>[disastrous_development.xml](#disastrous_developmentxml)</br>[erlang_explosion.xml](#erlang_explosionxml)</br>[eventful_data.xml](#eventful_dataxml)</br>[eyearesee.xml](#eyeareseexml)</br>[feeling_blu.xml](#feeling_bluxml)</br>[ff_hackme_corp.xml](#ff_hackme_corpxml)</br>[ff_in_the_wild.xml](#ff_in_the_wildxml)</br>[ff_leaked.xml](#ff_leakedxml)</br>[ff_that_escalated_quickly.xml](#ff_that_escalated_quicklyxml)</br>[flawed_fortress.xml](#flawed_fortressxml)</br>[hackme_crackme.xml](#hackme_crackmexml)</br>[manage_this.xml](#manage_thisxml)</br>[nosferatu.xml](#nosferatuxml)</br>[performance_peril.xml](#performance_perilxml)</br>[post_it.xml](#post_itxml)</br>[ptsd.xml](#ptsdxml)</br>[putting_it_together.xml](#putting_it_togetherxml)</br>[rand_webapp.xml](#rand_webappxml)</br>[rand_webapp_adv.xml](#rand_webapp_advxml)</br>[rooting_for_a_win.xml](#rooting_for_a_winxml)</br>[rooting_for_a_win_user.xml](#rooting_for_a_win_userxml)</br>[smash_crack_grab_run.xml](#smash_crack_grab_runxml)</br>[such_a_git.xml](#such_a_gitxml)</br>[time_to_patch.xml](#time_to_patchxml)</br>
Monitor: Data Sources | [analyse_this.xml](#analyse_thisxml)</br>
## Web & Mobile Security (WAM)
@@ -106,11 +106,11 @@ Fundamental Concepts and Approaches | [brief_case.xml](#brief_casexml)</br>[cont
### AB Scenarios
[agent_zero.xml](#agent_zeroxml)</br>[all_moin.xml](#all_moinxml)</br>[catching_sparks.xml](#catching_sparksxml)</br>[eyearesee.xml](#eyeareseexml)</br>[feeling_blu.xml](#feeling_bluxml)</br>[ff_hackme_corp.xml](#ff_hackme_corpxml)</br>[ff_leaked.xml](#ff_leakedxml)</br>[ff_that_escalated_quickly.xml](#ff_that_escalated_quicklyxml)</br>[flawed_fortress.xml](#flawed_fortressxml)</br>[hackme_crackme.xml](#hackme_crackmexml)</br>[nosferatu.xml](#nosferatuxml)</br>[performance_peril.xml](#performance_perilxml)</br>[post_it.xml](#post_itxml)</br>[ptsd.xml](#ptsdxml)</br>[putting_it_together.xml](#putting_it_togetherxml)</br>[rooting_for_a_win_user.xml](#rooting_for_a_win_userxml)</br>[smash_crack_grab_run.xml](#smash_crack_grab_runxml)</br>[such_a_git.xml](#such_a_gitxml)</br>[time_to_patch.xml](#time_to_patchxml)</br>
[agent001.xml](#agent001xml)</br>[agent_zero.xml](#agent_zeroxml)</br>[all_moin.xml](#all_moinxml)</br>[catching_sparks.xml](#catching_sparksxml)</br>[eyearesee.xml](#eyeareseexml)</br>[feeling_blu.xml](#feeling_bluxml)</br>[ff_hackme_corp.xml](#ff_hackme_corpxml)</br>[ff_leaked.xml](#ff_leakedxml)</br>[ff_that_escalated_quickly.xml](#ff_that_escalated_quicklyxml)</br>[flawed_fortress.xml](#flawed_fortressxml)</br>[hackme_crackme.xml](#hackme_crackmexml)</br>[nosferatu.xml](#nosferatuxml)</br>[performance_peril.xml](#performance_perilxml)</br>[post_it.xml](#post_itxml)</br>[ptsd.xml](#ptsdxml)</br>[putting_it_together.xml](#putting_it_togetherxml)</br>[rooting_for_a_win_user.xml](#rooting_for_a_win_userxml)</br>[smash_crack_grab_run.xml](#smash_crack_grab_runxml)</br>[such_a_git.xml](#such_a_gitxml)</br>[time_to_patch.xml](#time_to_patchxml)</br>
### AB Scenarios by Topics
| Topic | Scenario |
| --- | --- |
Models | [agent_zero.xml](#agent_zeroxml)</br>[all_moin.xml](#all_moinxml)</br>[catching_sparks.xml](#catching_sparksxml)</br>[eyearesee.xml](#eyeareseexml)</br>[feeling_blu.xml](#feeling_bluxml)</br>[ff_hackme_corp.xml](#ff_hackme_corpxml)</br>[ff_leaked.xml](#ff_leakedxml)</br>[ff_that_escalated_quickly.xml](#ff_that_escalated_quicklyxml)</br>[flawed_fortress.xml](#flawed_fortressxml)</br>[hackme_crackme.xml](#hackme_crackmexml)</br>[nosferatu.xml](#nosferatuxml)</br>[performance_peril.xml](#performance_perilxml)</br>[post_it.xml](#post_itxml)</br>[ptsd.xml](#ptsdxml)</br>[putting_it_together.xml](#putting_it_togetherxml)</br>[rooting_for_a_win_user.xml](#rooting_for_a_win_userxml)</br>[smash_crack_grab_run.xml](#smash_crack_grab_runxml)</br>[such_a_git.xml](#such_a_gitxml)</br>[time_to_patch.xml](#time_to_patchxml)</br>
Models | [agent001.xml](#agent001xml)</br>[agent_zero.xml](#agent_zeroxml)</br>[all_moin.xml](#all_moinxml)</br>[catching_sparks.xml](#catching_sparksxml)</br>[eyearesee.xml](#eyeareseexml)</br>[feeling_blu.xml](#feeling_bluxml)</br>[ff_hackme_corp.xml](#ff_hackme_corpxml)</br>[ff_leaked.xml](#ff_leakedxml)</br>[ff_that_escalated_quickly.xml](#ff_that_escalated_quicklyxml)</br>[flawed_fortress.xml](#flawed_fortressxml)</br>[hackme_crackme.xml](#hackme_crackmexml)</br>[nosferatu.xml](#nosferatuxml)</br>[performance_peril.xml](#performance_perilxml)</br>[post_it.xml](#post_itxml)</br>[ptsd.xml](#ptsdxml)</br>[putting_it_together.xml](#putting_it_togetherxml)</br>[rooting_for_a_win_user.xml](#rooting_for_a_win_userxml)</br>[smash_crack_grab_run.xml](#smash_crack_grab_runxml)</br>[such_a_git.xml](#such_a_gitxml)</br>[time_to_patch.xml](#time_to_patchxml)</br>
## Forensics (F)
@@ -167,7 +167,7 @@ PENETRATION TESTING | [banner_grab_and_run.xml](#banner_grab_and_runxml)</br>[co
| --- | --- | --- |
| Authentication, Authorisation & Accountability (AAA) | Authorisation | access control; Elevated privileges; Real and effective identity; Vulnerabilities and attacks on access control misconfigurations |
| Operating Systems & Virtualisation (OSV) | Primitives for Isolation and Mediation | Access controls and operating systems; Linux security model; Unix File Permissions; setuid/setgid; Hardlink protections |
| Cryptography (C) | Public-Key Cryptography | public-key signatures |
| Applied Cryptography (AC) | Public-Key Cryptography | public-key signatures |
Command to build VMs and start scenario:
@@ -211,6 +211,38 @@ Command to build VMs and start scenario:
[View source](scenarios/ctf/administration_woes.xml)
## agent001.xml
### Details
| Key | Data |
| --- | --- |
|Name | Agent Zero: Licence to Hack |
|Description | In this scenario, as a secret agent analyst specializing in cyber security, you are authorized to conduct offensive operations against those who threaten the digital safety and security of your country.</br></br>You have been tasked with conducting a penetration test and to investigate the operations of 'The Organization' in order to discover their evil plans. As the exercise progresses, you will uncover more and more evidence of the organization's evil plans. We beleive they are using aliases, and cover businesses.</br></br>The only reliable intel we have is that there is an operative that goes by the alias 'viper'.</br></br>You will need to use a variety of tools and techniques to perform an attack: network scanning and exploitation to gain a foothold, escalate privileges as necessary, and gather and analyze data data to collect evidence.</br></br> |
|Lab sheet | |
|Type | ctf; attack-ctf; pwn-ctf |
|Author | Z. Cliffe Schreuders |
|Linked videos| |
|VM names| attack_vm; evil_server |
### CyBOK KAs, Topics, and Keywords
| KA | Topic | Keywords
| --- | --- | --- |
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION |
| Adversarial Behaviours (AB) | Models | kill chains |
| Malware & Attack Technology (MAT) | Malicious Activities by Malware | cyber kill chain |
Command to build VMs and start scenario:
```ruby secgen.rb -s scenarios/ctf/agent001.xml run```
[View source](scenarios/ctf/agent001.xml)
## agent_zero.xml
### Details
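Review bot: the new `|Description |` row carries two typos that will be reproduced every time the index is regenerated: `We beleive they are using aliases` (believe) and `gather and analyze data data to collect evidence` (duplicated word). Fix them in `scenarios/ctf/agent001.xml`, not in this file. Two smaller points: the scenario is titled `Agent Zero: Licence to Hack` while a separate `agent_zero.xml` already exists in the index, so confirm the shared name is intentional; and the `|Lab sheet |` and `|Linked videos|` rows are empty, so the metadata for this scenario is still incomplete compared with the CyBOK tagging it already has.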
@@ -301,7 +333,7 @@ Command to build VMs and start scenario:
| KA | Topic | Keywords
| --- | --- | --- |
| Forensics (F) | Artifact Analysis | Encoding and alternative data formats |
| Cryptography (C) | Symmetric Cryptography | symmetric encryption and authentication |
| Applied Cryptography (AC) | Symmetric Cryptography | symmetric encryption and authentication |
| Network Security (NS) | OSI (OPEN SYSTEM INTERCONNECT) MODEL | APPLICATION LAYER; DATA LINK LAYER; NETWORK LAYER |
| Security Operations & Incident Management (SOIM) | Monitor: Data Sources | PCAP; network traffic |
| Forensics (F) | Artifact Analysis | FILES; Hidden files |
@@ -390,7 +422,7 @@ Command to build VMs and start scenario:
|Type | ctf; attack-ctf |
|Author | James Davis |
|Linked videos| |
|VM names| server; attack_vm |
|VM names| attack_vm; server |
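Review bot: `|VM names| server; attack_vm |` becomes `|VM names| attack_vm; server |` here and again in the `@@ -525`, `@@ -559`, `@@ -964` and `@@ -1065` hunks, with nothing else changing in those scenarios. If the generator now sorts VM names this is harmless but belongs in the commit message; if the VM definitions were reordered in the scenario XML, that can change the order in which the VMs are built and is unrelated to the CyBOK retagging, so it is worth separating out.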
@@ -500,8 +532,8 @@ Command to build VMs and start scenario:
### CyBOK KAs, Topics, and Keywords
| KA | Topic | Keywords
| --- | --- | --- |
| Cryptography (C) | Symmetric Cryptography | symmetric encryption and authentication |
| Cryptography (C) | Public-Key Cryptography | public-key encryption |
| Applied Cryptography (AC) | Symmetric Cryptography | symmetric encryption and authentication |
| Applied Cryptography (AC) | Public-Key Cryptography | public-key encryption |
| Authentication, Authorisation & Accountability (AAA) | Authentication | Cryptography and authentication (hashes and attacks against authentication schemes / passwords) |
| Forensics (F) | Artifact Analysis | cryptographic hashing; Encoding and alternative data formats |
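Review bot: both `Cryptography (C)` rows turn into `Applied Cryptography (AC)` rows with the topic and keyword columns untouched (`Symmetric Cryptography | symmetric encryption and authentication` and `Public-Key Cryptography | public-key encryption`). The same one-for-one relabelling is applied in every other per-scenario table in the diff, so the commit message `CyBOK updates` should state which CyBOK version and KA mapping it follows; otherwise a reader cannot tell a deliberate remap from a search-and-replace.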
@@ -525,7 +557,7 @@ Command to build VMs and start scenario:
|Type | ctf; attack-ctf |
|Author | James Davis |
|Linked videos| |
|VM names| server; attack_vm |
|VM names| attack_vm; server |
@@ -559,7 +591,7 @@ Command to build VMs and start scenario:
|Type | ctf; attack-ctf |
|Author | James Davis |
|Linked videos| |
|VM names| server; attack_vm |
|VM names| attack_vm; server |
@@ -674,7 +706,7 @@ Command to build VMs and start scenario:
| Operating Systems & Virtualisation (OSV) | Primitives for Isolation and Mediation | Access controls and operating systems; Linux security model; Attacks against SUDO |
| Adversarial Behaviours (AB) | Models | kill chains |
| Malware & Attack Technology (MAT) | Malicious Activities by Malware | cyber kill chain |
| Cryptography (C) | Symmetric Cryptography | symmetric encryption and authentication |
| Applied Cryptography (AC) | Symmetric Cryptography | symmetric encryption and authentication |
| Authentication, Authorisation & Accountability (AAA) | Authentication | BRUTEFORCE |
@@ -704,7 +736,7 @@ Command to build VMs and start scenario:
### CyBOK KAs, Topics, and Keywords
| KA | Topic | Keywords
| --- | --- | --- |
| Cryptography (C) | Symmetric Cryptography | symmetric encryption and authentication |
| Applied Cryptography (AC) | Symmetric Cryptography | symmetric encryption and authentication |
| Forensics (F) | Artifact Analysis | cryptographic hashing; Encoding and alternative data formats |
@@ -734,7 +766,7 @@ Command to build VMs and start scenario:
### CyBOK KAs, Topics, and Keywords
| KA | Topic | Keywords
| --- | --- | --- |
| Cryptography (C) | Symmetric Cryptography | symmetric encryption and authentication |
| Applied Cryptography (AC) | Symmetric Cryptography | symmetric encryption and authentication |
| Forensics (F) | Artifact Analysis | cryptographic hashing; Encoding and alternative data formats |
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION; EXPLOITATION FRAMEWORKS |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION; PENETRATION TESTING - NETWORK MAPPING - RECONNAISSANCE |
@@ -770,7 +802,7 @@ Command to build VMs and start scenario:
### CyBOK KAs, Topics, and Keywords
| KA | Topic | Keywords
| --- | --- | --- |
| Cryptography (C) | Symmetric Cryptography | symmetric encryption and authentication |
| Applied Cryptography (AC) | Symmetric Cryptography | symmetric encryption and authentication |
| Forensics (F) | Artifact Analysis | cryptographic hashing; Encoding and alternative data formats |
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION; EXPLOITATION FRAMEWORKS |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION; PENETRATION TESTING - NETWORK MAPPING - RECONNAISSANCE |
@@ -872,7 +904,7 @@ Command to build VMs and start scenario:
### CyBOK KAs, Topics, and Keywords
| KA | Topic | Keywords
| --- | --- | --- |
| Cryptography (C) | Symmetric Cryptography | symmetric encryption and authentication |
| Applied Cryptography (AC) | Symmetric Cryptography | symmetric encryption and authentication |
| Forensics (F) | Artifact Analysis | cryptographic hashing; Encoding and alternative data formats |
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION; EXPLOITATION FRAMEWORKS |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION |
@@ -964,7 +996,7 @@ Command to build VMs and start scenario:
|Type | ctf; attack-ctf |
|Author | James Davis |
|Linked videos| |
|VM names| server; attack_vm |
|VM names| attack_vm; server |
@@ -1041,7 +1073,7 @@ Command to build VMs and start scenario:
### CyBOK KAs, Topics, and Keywords
| KA | Topic | Keywords
| --- | --- | --- |
| Cryptography (C) | Symmetric Cryptography | symmetric encryption and authentication |
| Applied Cryptography (AC) | Symmetric Cryptography | symmetric encryption and authentication |
| Authentication, Authorisation & Accountability (AAA) | Authentication | Cryptography and authentication (hashes and attacks against authentication schemes / passwords) |
| Forensics (F) | Artifact Analysis | cryptographic hashing; Encoding and alternative data formats |
@@ -1065,7 +1097,7 @@ Command to build VMs and start scenario:
|Type | ctf; attack-ctf |
|Author | James Davis |
|Linked videos| |
|VM names| server; attack_vm |
|VM names| attack_vm; server |
@@ -1078,7 +1110,7 @@ Command to build VMs and start scenario:
| Web & Mobile Security (WAM) | Server-Side Vulnerabilities and Mitigations | server-side misconfiguration and vulnerable components; Command injection |
| Operating Systems & Virtualisation (OSV) | Primitives for Isolation and Mediation | Linux security model |
| Forensics (F) | Artifact Analysis | Encoding and alternative data formats |
| Cryptography (C) | Symmetric Cryptography | symmetric encryption and authentication |
| Applied Cryptography (AC) | Symmetric Cryptography | symmetric encryption and authentication |
| Adversarial Behaviours (AB) | Models | kill chains |
| Malware & Attack Technology (MAT) | Malicious Activities by Malware | cyber kill chain |
@@ -1115,7 +1147,7 @@ Command to build VMs and start scenario:
| Adversarial Behaviours (AB) | Models | kill chains |
| Malware & Attack Technology (MAT) | Malicious Activities by Malware | cyber kill chain |
|
||||
| Malware & Attack Technology (MAT) | Attacks and exploitation | Post-exploitation: pivoting attacks; information gathering |
|
||||
| Cryptography (C) | Symmetric Cryptography | symmetric encryption and authentication |
|
||||
| Applied Cryptography (AC) | Symmetric Cryptography | symmetric encryption and authentication |
|
||||
| Authentication, Authorisation & Accountability (AAA) | Authentication | BRUTEFORCE |
|
||||
|
||||
|
||||
@@ -1313,7 +1345,7 @@ Command to build VMs and start scenario:
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION |
| Network Security (NS) | PENETRATION TESTING | FILE - TRANSFER PROTOCOL (FTP) |
| Forensics (F) | Artifact Analysis | Encoding and alternative data formats |
| Cryptography (C) | Symmetric Cryptography | symmetric encryption and authentication |
| Applied Cryptography (AC) | Symmetric Cryptography | symmetric encryption and authentication |

Command to build VMs and start scenario:
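Review bot: the adjacent context rows `| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | ... |` and `| Network Security (NS) | PENETRATION TESTING | FILE - TRANSFER PROTOCOL (FTP) |` attach the same topic label to two different KAs, and `FILE - TRANSFER PROTOCOL (FTP)` reads like a keyword split in the wrong place; these values come from the source scenario XML rather than from the rename this hunk makes, but the index is being regenerated anyway, so check that scenario's `topic` and `keyword` values before publishing.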
@@ -1459,7 +1491,7 @@ Command to build VMs and start scenario:
| Operating Systems & Virtualisation (OSV) | Primitives for Isolation and Mediation | Access controls and operating systems; Linux security model; Attacks against SUDO |
| Adversarial Behaviours (AB) | Models | kill chains |
| Malware & Attack Technology (MAT) | Malicious Activities by Malware | cyber kill chain |
| Cryptography (C) | Symmetric Cryptography | symmetric encryption and authentication |
| Applied Cryptography (AC) | Symmetric Cryptography | symmetric encryption and authentication |
| Authentication, Authorisation & Accountability (AAA) | Authentication | BRUTEFORCE |

@@ -1468,3 +1500,5 @@ Command to build VMs and start scenario:
```ruby secgen.rb -s scenarios/ctf/time_to_patch.xml run```

[View source](scenarios/ctf/time_to_patch.xml)

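Review bot: this hunk only appends blank lines after `[View source](scenarios/ctf/time_to_patch.xml)` at the end of the generated file; trim trailing newlines in the generator (or end the template with a single newline) so the tail of the autogenerated index stays stable across regenerations instead of growing by two lines each time.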
File diff suppressed because it is too large
File diff suppressed because it is too large
@@ -118,7 +118,7 @@ scenarios.each { |scenario|
KA_TOPIC_SCENARIOS_HASH[ka][topic][scenario] = "-"
(SCENARIOS_HASH[scenario] ||= []) << cybok_entry
}
elsif (scenario_hash['scenario']['CyBOK'])
elsif (scenario_hash['scenario']['CyBOK'].is_a?(Hash))
# KA_HASH[scenario] << scenario
ka = scenario_hash['scenario']['CyBOK']['@KA']
(@ka_hash[ka] ||= []) << scenario
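Review bot: narrowing the branch to `.is_a?(Hash)` means a `CyBOK` value that is neither an Array nor a Hash (for example a String from a malformed element) now falls through to the `else` branch and is reported as `Error reading scenario xml`, which hides the real cause; either handle that case explicitly or include the unexpected type in the error message. The commented-out `# KA_HASH[scenario] << scenario` kept as context is the same kind of dead code this commit removes further down and could go with it.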
@@ -145,25 +145,6 @@ scenarios.each { |scenario|
# SCENARIOS_HASH[scenario]['VMs'] << scenario_hash['scenario']['system']['system_name']
end

# puts @ka_hash.to_s
# puts SCENARIOS_HASH.to_s
# SCENARIOS_HASH[scenario] = {};
# SCENARIOS_HASH[scenario]['name'] = scenario_hash['scenario']['name']
# SCENARIOS_HASH[scenario]['type'] = scenario_hash['scenario']['type']
# SCENARIOS_HASH[scenario]['author'] = scenario_hash['scenario']['author']
# SCENARIOS_HASH[scenario]['description'] = scenario_hash['scenario']['description']
# SCENARIOS_HASH[scenario]['difficulty'] = scenario_hash['scenario']['difficulty']
# SCENARIOS_HASH[scenario]['VMs'] = []
# # puts '>>>>>>'
#
# if (scenario_hash['scenario']['system'].kind_of?(Array))
# scenario_hash['scenario']['system'].each {|vm|
# SCENARIOS_HASH[scenario]['VMs'] << vm['system_name']
# }
#
# else
# SCENARIOS_HASH[scenario]['VMs'] << scenario_hash['scenario']['system']['system_name']
# end
else
Print.err "Error reading scenario xml: #{scenario}"
end

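Review bot: the 19 removed lines of commented-out `SCENARIOS_HASH` population code are a welcome cleanup, but the `# SCENARIOS_HASH[scenario]['VMs'] << scenario_hash['scenario']['system']['system_name']` comment kept as the first context line of this hunk is the same dead code and should be deleted with them.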
@@ -55,7 +55,7 @@ SCENARIOS_HASH.keys.each{|scenario|
| --- | --- |
|Name | <%= SCENARIOS_FULL_HASH[scenario][0]["name"].to_s %> |
|Description | <%= SCENARIOS_FULL_HASH[scenario][0]["description"].to_s.delete('#').gsub(/\n/,'</br>') %> |
|Lab sheet | <%= SCENARIOS_FULL_HASH[scenario][0]["lab_sheet_url"].to_s.delete('#').gsub(/\n/,'</br>') %> |
|Lab sheet | <%= SCENARIOS_FULL_HASH[scenario][0]["lab_sheet_url"].to_s.delete('#').gsub(/\n/,'</br>') if SCENARIOS_FULL_HASH[scenario] && SCENARIOS_FULL_HASH[scenario][0]["lab_sheet_url"] %> |
|Type | <%= SCENARIOS_FULL_HASH[scenario][0]["type"].to_s.gsub(/"|\[|\]/, '').gsub(',',';') %> |
|Author | <%= SCENARIOS_FULL_HASH[scenario][0]["author"].to_s %> |
|Linked videos| <%= SCENARIOS_FULL_HASH[scenario][0].dig_deep(:url).to_s.gsub(/"|\[|\]/, '').gsub(',',';') %> |

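Review bot: the new guard `if SCENARIOS_FULL_HASH[scenario] && SCENARIOS_FULL_HASH[scenario][0]["lab_sheet_url"]` still raises `NoMethodError` when `SCENARIOS_FULL_HASH[scenario]` is an empty Array (`[0]` is nil), and the `Name`, `Description`, `Type` and `Author` rows index `[scenario][0]` with no guard at all, so the template fails on the same input regardless; `SCENARIOS_FULL_HASH.dig(scenario, 0, "lab_sheet_url")` handles both cases and should be applied to every row. Also, `.delete('#')` was copied from the `Description` row, where it strips Markdown heading markers; applied to a URL it silently removes any fragment identifier, so drop it for `lab_sheet_url`.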
@@ -14,7 +14,7 @@ There are <%= VIDEO_HASH.length %> videos with CyBOK metadata.
<%
VIDEO_HASH.each{|url,array|
%>
<% array.each{|arr| %>
<% array.each do |arr| %>
## <%= arr['title'] %>
by <%= arr['by'] %>

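Review bot: switching `array.each{|arr|` to `array.each do |arr|` only works together with the matching closer in the later hunk changing from `<% } %>` to `<% end -%>`, which it does; but the enclosing `VIDEO_HASH.each{|url,array|` two lines above stays brace-style and is still closed by `} %>` at the end of the file, so the template now mixes both block styles. Pick one; do/end reads more naturally with ERB `<% end -%>` tags.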
@@ -27,15 +27,16 @@ end
%>
<%= arr['url'] %>

<% unless arr['CyBOK'].nil? -%>
<% unless arr['CyBOK'].kind_of?(Array)
arr['CyBOK'] = [arr['CyBOK']]
end %>
end -%>
| KA | Topics | Keywords |
| --- | --- | --- |
<% arr['CyBOK'].each {|cybok| -%>
<% arr['CyBOK'].each do |cybok| -%>
| <%= CyBOK_ACRONYMS[cybok["@KA"]] %> (<%= cybok["@KA"] %>) | <%= cybok["@topic"] %> | <%= cybok["keyword"].to_s.gsub(/"|\[|\]/, '').gsub(',',';') %> |
<% } -%>
<% } %>

<% end -%>
<% end -%>
<% end -%>
<%
} %>
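Review bot: after this change three consecutive `<% end -%>` tags close, in order, the `arr['CyBOK'].each do |cybok|` loop, the `unless arr['CyBOK'].nil?` guard and the `array.each do |arr|` loop, with nothing to tell them apart; a short comment naming what each `end` closes would make the nesting checkable by eye, and would have made the previous `<% } -%>` / `<% } %>` / `<% end -%>` mismatch obvious. Separately, `unless arr['CyBOK'].kind_of?(Array) arr['CyBOK'] = [arr['CyBOK']] end` mutates the `VIDEO_HASH` entry from inside the view; assigning the normalised list to a local (`cyboks = arr['CyBOK'].is_a?(Array) ? arr['CyBOK'] : [arr['CyBOK']]`) keeps the data read-only and makes the loop below iterate over something clearly named.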
@@ -49,20 +49,6 @@
<keyword>The fallibility of digital evidence to tampering</keyword>
</CyBOK>
</video>
<video>
<title>Log Management</title>
<by>Z. Cliffe Schreuders</by>
<url>https://youtu.be/0EafG4CLwA4</url>
<type>lecture-prerecorded</type>
<CyBOK KA="SOIM" topic="Monitor: Data Sources">
<keyword>system and kernel logs</keyword>
<keyword>application logs: web server logs and files</keyword>
<keyword>Syslog</keyword>
</CyBOK>
<CyBOK KA="SOIM" topic="Analyse: Analysis Methods">
<keyword>contribution of SIEM to analysis and detection</keyword>
</CyBOK>
</video>

<system>
<system_name>kali</system_name>

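Review bot: removing the whole `Log Management` video (`https://youtu.be/0EafG4CLwA4`) from this scenario is not explained by the commit message (`CyBOK updates`); the later hunk adds the same video, with an extended keyword set, to the `siem_management` scenario, so this looks like a move, and the re-added copy drops the keyword `application logs: web server logs and files` that this copy carried. Confirm the move and the dropped keyword are intended, and say so in the commit message, since the video itself has not changed.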
@@ -14,12 +14,66 @@

This is a Hackerbot lab. The labsheet is available once you claim a set of VMs. Work through the labsheet, then when prompted interact with Hackerbot.
</description>
<lab_sheet_url>https://docs.google.com/document/d/13fzmV01ju4sTFc9R-Fzr6Ti2zQ5UYSx3ClGrycs9XVA/edit?usp=sharing</lab_sheet_url>

<type>ctf-lab</type>
<type>hackerbot-lab</type>
<type>lab-sheet</type>
<difficulty>intermediate</difficulty>

<CyBOK KA="SOIM" topic="Fundamental Concepts">
<keyword>workflows and vocabulary</keyword>
<keyword>PURPOSE OF LOGGING AND AUDITING</keyword>
</CyBOK>
<CyBOK KA="SOIM" topic="Monitor: Data Sources">
<keyword>system and kernel logs</keyword>
<keyword>Syslog</keyword>
<keyword>Linux Journal and SystemD</keyword>
<keyword>EVENTS - LOGGING</keyword>
<keyword>LOG FILES - CENTRALIZED LOGGING</keyword>
<keyword>LOG FILES - EVENT SOURCE CONFIGURATION</keyword>
<keyword>LOGGING AND AUDITING OF CHANGES</keyword>
<keyword>MONITORING - INTEGRITY</keyword>
<keyword>AuditBeat</keyword>
</CyBOK>
<CyBOK KA="SOIM" topic="Analyse: Analysis Methods">
<keyword>contribution of SIEM to analysis and detection</keyword>
<keyword>EVENTS - ANALYSIS</keyword>
</CyBOK>
<CyBOK KA="SOIM" topic="Plan: Security Information and Event Management">
<keyword>data collection</keyword>
<keyword>alert correlation</keyword>
<keyword>LOG FILES - INCIDENT RESPONSE</keyword>
<keyword>MONITORING - INCIDENT RESPONSE</keyword>
</CyBOK>
<CyBOK KA="SOIM" topic="Execute: Mitigation and Countermeasures">
<keyword>SIEM platforms and countermeasures</keyword>
<keyword>SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)</keyword>
<keyword>Configuring Elastic Stack for centralised logging and SIEM</keyword>
</CyBOK>

<video>
<title>Log Management</title>
<by>Z. Cliffe Schreuders</by>
<url>https://youtu.be/0EafG4CLwA4</url>
<type>lecture-prerecorded</type>
<CyBOK KA="SOIM" topic="Fundamental Concepts">
<keyword>workflows and vocabulary</keyword>
<keyword>PURPOSE OF LOGGING AND AUDITING</keyword>
</CyBOK>
<CyBOK KA="SOIM" topic="Monitor: Data Sources">
<keyword>system and kernel logs</keyword>
<keyword>Syslog</keyword>
<keyword>Linux Journal and SystemD</keyword>
<keyword>EVENTS - LOGGING</keyword>
<keyword>LOG FILES - CENTRALIZED LOGGING</keyword>
<keyword>LOG FILES - EVENT SOURCE CONFIGURATION</keyword>
<keyword>Log format: Common Log Format (CLF)</keyword>
</CyBOK>
<CyBOK KA="SOIM" topic="Analyse: Analysis Methods">
<keyword>contribution of SIEM to analysis and detection</keyword>
</CyBOK>
</video>

<system>
<system_name>siem_management</system_name>

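Review bot: the new `<lab_sheet_url>` is a Google Docs `edit?usp=sharing` link that students will follow straight from the generated index, so double-check the document's sharing permission is view-only before this lands. In the added `<CyBOK>` blocks the keyword casing is inconsistent (`EVENTS - LOGGING` and `LOG FILES - CENTRALIZED LOGGING` beside `system and kernel logs` and `Syslog`), and `CENTRALIZED` sits a few lines from `centralised` in `Configuring Elastic Stack for centralised logging and SIEM`; the keywords are reproduced verbatim in the generated index and in the video index, so normalise them to one convention here rather than in the output.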