Austin's Experience


Hands-On / Working Experience

Please feel free to reach out to me in the Contact Me page if you have any questions or inquiries!

Domain Name System

  1. Create VMs for Windows Server and Windows 7/10. Configure a primary DNS server and add forward and reverse lookup records (CNAME and PTR records).

Active Directory

  1. Creating and Managing Active Directory Objects (Create Users, Organizational Units, Groups, and User Templates)

Group Policy

  1. Configure Group Policy Objects to harden client machines and prevent unauthorized users from changing settings.
  2. Create a GPO with a script that runs at each computer logon and grants users administrative permissions via Restricted Groups.
  3. Import Google's Chrome administrative templates, configure Chrome GPOs across the domain, and understand policy precedence (local, site, domain, OU order and enforced/blocked inheritance).

DHCP

  1. Install and configure DHCP services on a Windows server in a domain environment. (Create Scope/IP ranges, exclusions, set lease)

PowerShell

  1. Practice PowerShell Active Directory cmdlets and manage objects in bulk (create OUs and users with passwords, add/change group membership, set additional attributes).
  2. Manage a Windows 10 client remotely from Windows Server 2016 via PowerShell remoting (create a local user, Enter-PSSession and navigate the remote machine, create a directory, restart/shut down).

Shares and Permissions

  1. Create a new shared resource in a domain environment and grant different permission levels (share and NTFS) to users and administrators.
  2. Set up a working Distributed File System (DFS) to replicate data and provide higher availability for network shares (create a namespace, set permissions, and replicate files between two servers).

Microsoft Endpoint Security

  1. Use BitLocker and GPOs to enforce drive encryption.
  2. Set up AppLocker (audit and log script execution first, then enforce rules that block it).
  3. Configure Windows Firewall (deploy a rule via GPO that blocks RDP by its port, TCP 3389).

Security Policies and Authentication

  1. Disable LLMNR and NetBIOS name resolution (removing the LLMNR/NBT-NS poisoning vector) and enable SMB signing.
  2. Set the domain password policy (minimum length, complexity, age, history) and configure the account lockout policy (number of attempts, lockout duration).
  3. Security policies (set up a policy to prevent local logon, rename the administrator account, disable display of the last logged-on user).
  4. Configure an audit policy (audit object access, create an audited directory and learn to filter the logs, audit account logons).


  1. Learn about and practice using CLI networking commands in Windows.
  2. Wireshark basic setup, capture, examination and navigation
  3. Converting Decimal, Binary, and Hexadecimal (Use practice questions to evaluate and convert values)
  4. Subnetting Practice (CIDR & VLSM)
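The VLSM exercise above is the one that most people get wrong by hand, so here is an added example (my own code, not part of the original lab material) that carves a block into right-sized subnets, largest requirement first, so that every subnet lands on an aligned boundary. The block, department names and host counts are constructed for the example.

```python
import ipaddress


def prefix_for_hosts(hosts):
    """Smallest prefix length whose block holds `hosts` usable addresses.
    Network and broadcast addresses are excluded from the usable count."""
    need = hosts + 2
    return 32 - (need - 1).bit_length()


def vlsm_allocate(block, requirements):
    """Carve `block` (e.g. "192.168.10.0/24") into subnets sized for each
    requirement {name: hosts}. Allocating the largest requirement first keeps
    every subnet aligned on its own boundary and leaves the unused space as
    a few large free blocks instead of fragments."""
    free = [ipaddress.ip_network(block)]
    plan = {}
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        want = prefix_for_hosts(hosts)
        free.sort(key=lambda n: (int(n.network_address), n.prefixlen))
        for i, candidate in enumerate(free):
            if candidate.prefixlen <= want:
                free.pop(i)
                # Halve the block until it is exactly the size we need and
                # return each unused half to the free pool.
                while candidate.prefixlen < want:
                    candidate, spare = candidate.subnets(prefixlen_diff=1)
                    free.append(spare)
                plan[name] = candidate
                break
        else:
            raise ValueError(f"not enough space in {block} for {name} ({hosts} hosts)")
    return plan, free


def describe(plan):
    """Human-readable rows: name, CIDR, dotted mask, usable host count."""
    return [
        f"{name:<12} {str(net):<20} mask {net.netmask}  usable {net.num_addresses - 2}"
        for name, net in plan.items()
    ]


if __name__ == "__main__":
    # Constructed requirements for a /24 (assumed values, not from the lab)
    plan, free = vlsm_allocate(
        "192.168.10.0/24",
        {"Sales": 100, "Engineering": 50, "Management": 25, "LinkA": 2, "LinkB": 2},
    )
    print("\n".join(describe(plan)))
    print("free:", [str(n) for n in free])
```

Point-to-point links get /30s out of the space left after the three department subnets; the remaining free blocks show what is still available for growth.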

Packet Tracer Labs

  1. Fundamentals and commands (enable/configure terminal, create user accounts and passwords, basic router/switch configuration commands)
  2. Back up switch configuration files; back up and upgrade a network device OS image
  3. Configure remote access with SSH to network devices from an admin PC
  4. Configure a router to connect two LANs using IPv6 addresses, then use troubleshooting techniques to verify connectivity.
  5. Understand the principles of OSPF and configure routers to use OSPF.
  6. Configure both a Syslog server and an NTP server to log events across the network, then configure a router to send system logs to the Syslog server.
  7. Configure DHCP services on a router to assign IPv4 addresses to every endpoint and network device on each of three networks


Amazon AWS Labs

  1. Create an AWS account, create an EC2 instance with a basic configuration, and connect to the instance via RDP.
  2. Set a billing alert to be notified when usage exceeds the free tier.
  3. Identity and Access Management: implement IAM features (users, groups, policies) for AWS accounts
  4. Create a Windows Server 2012 R2 instance and configure it with basic settings
  5. Create security groups to govern ICMP and RDP access to AWS resources.
  6. Amazon Inspector: become familiar with Inspector, scan the cloud tenant, and report the findings.
  7. Create an AWS Organization to allow centralized management of multiple AWS accounts.
  8. Configure AWS WAF to prevent unauthorized access to content hosted in the cloud.



Introduction

  1. Learn how to configure the primary settings and resources for a Linux installation, and install a basic Debian environment from an ISO image.
  2. Install the GNOME desktop environment for a more interactive virtual environment (graphical interfaces and tools).

CLI Fundamentals

  1. Practice using text editors and output redirection to read from and write to files.
  2. Use search commands to locate files and find specific text within the files.

Users and Permissions

  1. Create new users and configure customized home directories and password policies.
  2. Set the SUID bit on one of the system's binaries and use it as a regular user to copy protected data (demonstrating why SUID binaries need careful auditing).

Networking and System Management

  1. Become familiar with manual static IP address configuration from the Linux CLI.
  2. Use the APT package manager to refresh the package index and edit the repository sources.
  3. Install the Apache2 service and configure it to manage local web server access options. Install Nginx and resolve the resulting conflict on port 80.

Services and Hardening

  1. Install the SSH service for remote connections and use SCP (secure copy) to transfer files.
  2. Perform a basic configuration of Samba, provide access to Samba shares from a Windows client machine, and create an FTP server to transfer/share files between machines.
  3. Hardening: SSH (set connection limits and change the listening port); FTP (configure WinSCP and PuTTY on Windows and vsftpd on Debian); Samba (change permissions, add security parameters).

Host Security

  1. Use a GRUB password to protect the bootloader so that users with console access cannot edit boot entries to bypass authentication.
  2. Use PAM (Pluggable Authentication Modules, e.g. pam_pwquality) to apply password policies to every user added to the machine and to restrict SSH logins.
  3. Set up a simple recurring task with crontab, then exploit a misconfigured task to gain access to files.

Network Security

  1. Use iptables to block all SSH connections, then modify the rules to allow-list a single client IP address.
  2. Generate a TLS certificate for the Apache web server and configure Apache to serve HTTPS with it.

Scripting Labs

  1. Design a Bash script for pentesting that uses ping to sweep a range and discover live network endpoints.
  2. Build a backup plan for a directory and write an automated script that compresses the folder and backs it up.
  3. File Integrity Monitoring: write a script that creates and then checks/compares hashes of the Apache server's files.
  4. Design a script that checks for open ports listening on the machine.
  5. Create a Bash script that blocks IP addresses with iptables when a client exceeds a threshold of HTTP 404 errors (failed page/login probes) in the Apache log.
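For the file integrity monitoring item, here is an added example in Python (my own code, not the lab's Bash script) of the baseline/compare logic: hash every file under the web root, store the baseline, and on the next run report what was added, removed or modified. The web root, file names and the "tampering" are constructed inside a temporary directory so it runs offline.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 16):
    """Stream the file so large files don't have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map relative POSIX path -> sha256 for every regular file under root."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def save_baseline(baseline, path):
    Path(path).write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(path):
    return json.loads(Path(path).read_text())


def compare(baseline, current):
    """Diff two snapshots; all three lists are sorted for stable reporting."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(
            k for k in baseline.keys() & current.keys() if baseline[k] != current[k]
        ),
    }


def demo():
    """Constructed scenario: take a baseline, simulate a web shell drop and a
    defacement, then re-scan. Stands in for /var/www/html on a real server."""
    with tempfile.TemporaryDirectory() as tmp:
        webroot = Path(tmp) / "html"
        (webroot / "uploads").mkdir(parents=True)
        (webroot / "index.html").write_text("<h1>hello</h1>")
        (webroot / "old.html").write_text("legacy page")
        # Keep the baseline OUTSIDE the monitored tree (ideally read-only or
        # off-box); an attacker who can rewrite it can hide every change.
        baseline_file = Path(tmp) / "baseline.json"
        save_baseline(build_baseline(webroot), baseline_file)

        # Simulated tampering
        (webroot / "index.html").write_text("<h1>hello</h1><script src=//evil/x.js></script>")
        (webroot / "old.html").unlink()
        (webroot / "uploads" / "shell.php").write_text("<?php system($_GET['c']); ?>")

        return compare(load_baseline(baseline_file), build_baseline(webroot))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run it from cron against the real document root and alert on any non-empty list; a deploy should be followed by a fresh baseline so routine updates don't look like intrusions.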

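For the 404-blocking script, the following added example (my own code, not the lab's Bash version) parses Apache combined-format log lines, counts 404 responses per client, and emits the iptables commands for offenders. The log lines, threshold and admin allow-list are constructed for the example; commands are only executed when apply=True.

```python
import re
import subprocess
from collections import Counter

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" (?P<status>\d{3}) '
)

# Admin hosts that must never be blocked (assumed values)
ALLOW_LIST = {"127.0.0.1", "10.0.0.5"}

# Constructed sample access log, not real traffic
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2023:10:00:01 +0000] "GET /admin HTTP/1.1" 404 196 "-" "curl/7.88"
203.0.113.7 - - [10/Mar/2023:10:00:02 +0000] "GET /wp-login.php HTTP/1.1" 404 196 "-" "curl/7.88"
203.0.113.7 - - [10/Mar/2023:10:00:03 +0000] "GET /.env HTTP/1.1" 404 196 "-" "curl/7.88"
203.0.113.7 - - [10/Mar/2023:10:00:04 +0000] "GET /phpmyadmin HTTP/1.1" 404 196 "-" "curl/7.88"
203.0.113.7 - - [10/Mar/2023:10:00:05 +0000] "GET /backup.zip HTTP/1.1" 404 196 "-" "curl/7.88"
203.0.113.7 - - [10/Mar/2023:10:00:06 +0000] "GET /login HTTP/1.1" 404 196 "-" "curl/7.88"
198.51.100.5 - - [10/Mar/2023:10:01:00 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
198.51.100.5 - - [10/Mar/2023:10:01:01 +0000] "GET /favicon.ico HTTP/1.1" 404 196 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Mar/2023:10:02:00 +0000] "GET /about HTTP/1.1" 404 196 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Mar/2023:10:02:01 +0000] "POST /login HTTP/1.1" 404 196 "-" "Mozilla/5.0"
"""


def count_status(lines, status="404"):
    """Count responses with the given status code per client IP."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and m.group("status") == status:
            counts[m.group("ip")] += 1
    return counts


def offenders(lines, threshold=5):
    return {
        ip: n
        for ip, n in count_status(lines).items()
        if n >= threshold and ip not in ALLOW_LIST
    }


def block_command(ip):
    # -I inserts at the top of INPUT so the DROP wins over any later ACCEPT rule.
    return ["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"]


def block(ips, blocked, apply=False):
    """Return the commands that would run; execute them only when apply=True.
    `blocked` remembers IPs already handled so repeated runs don't stack duplicate rules."""
    commands = []
    for ip in sorted(ips):
        if ip in blocked:
            continue
        cmd = block_command(ip)
        if apply:
            subprocess.run(cmd, check=True)
        blocked.add(ip)
        commands.append(" ".join(cmd))
    return commands


def run(log_path="/var/log/apache2/access.log", threshold=5, apply=False):
    """Real usage: point at the live log and pass apply=True (requires root)."""
    with open(log_path) as f:
        return block(offenders(f, threshold), set(), apply)


if __name__ == "__main__":
    print(block(offenders(SAMPLE_LOG.splitlines()), set(), apply=False))
```

A production version would also bound the count to a time window and expire blocks, which is essentially what fail2ban does; an allow-list is important because a single bad rule can lock the admin out of the box.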


Network Security Systems & Architecture

  1. Investigate a PCAP file and design a more secure architecture based on the material learned.

Network Attacks and Mitigation

  1. Learn about best practices to configure mitigation settings for DHCP, NTP, and OSPF spoofing. Configure NTP with authentication, and enable DHCP snooping.

Network Traffic Analysis

  1. Advanced Wireshark Analysis 
    1. Set predefined capture filters for port/protocol and IP. 
    2. Practice capturing and analyzing host machine data. 
    3. Analyze a provided PCAP file to determine which IPs are communicating and over which protocol
  2. Practice methods learned of downloading files from network captures. (Manually extracting files from captured traffic via Wireshark, and using NetworkMiner to automatically extract files from traffic)
  3. Practice using Network Monitor to capture traffic and identify processes.

Practical Cryptography

  1. Practice manual Base64 encoding.
  2. Crack a provided hash using a rainbow table.
  3. Practice encryption and decryption techniques (hexadecimal encryption with a key, ASCII conversions, the rail-fence (zigzag) cipher, ROT13, etc.).

Firewall Fundamentals

  1. Install pfSense and configure the environment to enable administration from a Windows 10 VM on an internal network.
  2. Configure firewall rules in pfSense to block or allow ICMP packets.
  3. Enable port forwarding to access an XAMPP Apache web server from the pfSense WAN interface.

VPN Technologies

  1. Create a VPN connection between Windows 10 and Windows Server 2012 virtual machines using PPTP (PPTP is obsolete and its MS-CHAPv2 authentication is broken; it is used here only as a lab exercise).
  2. Install and configure the Tor browser in the Windows environment.
  3. Install and configure OpenVPN on a Linux machine.

Network Monitoring

  1. Packet Tracer: Set up SNMP(Simple Network Management Protocol) on all devices, and control them using the protocol.
  2. Install the Nagios network monitoring system, and learn how to configure it to monitor a PC on a network.
  3. Wireshark Challenge: “Use Wireshark to identify an employee's activity during their work hours. Inspect the data to understand what they have been up to. If any abnormal activity is found, report it to the CISO”
    1. Check Statistics and Protocol Hierarchy for high packet flow, check conversations and note the addresses. 
    2. Filter the IP addresses with a high volume of bytes and long durations, and identify the addresses conducting suspicious activity. 
    3. Filter the communication and check the contents and documents. Report findings.

IPS & IDS Concepts

  1. Install Suricata IPS/IDS on pfSense and configure it to monitor the WAN interface.
  2. Define manual rules on Suricata to alert about FTP and HTTP connection anomalies. (Detect non-FTP connections to FTP ports. Setup alerts to notify about access to HTTP service via ports other than 80 or 8080)
  3. Perform an investigation of a malicious IP address (check WHOIS records, perform an IP blocklist check).


Scenario:

 You have just been hired at a new company, GoodCorp, which is experiencing serious network security challenges. Users can access resources they should not have access to, inbound traffic is not yet properly filtered or blocked, and GoodCorp lacks secure access for remote employees. Your manager has assigned you to the SOC; all security-related requests are sent to you, and you must resolve every one of them.


Requests:

Ticket 1: The HR manager has requested that you block traffic to prevent employees from using computers in the office for gaming. (For this project ICMP is used for gaming)

  1. Test that traffic is allowed.
  2. Using pfSense create a firewall rule on the LAN interface blocking ICMP traffic with 8.8.8.8 as the destination. Set pfSense to log packets that match the rule.
  3. Add a rule to the WAN interface to allow ICMP traffic. (To allow hping3 and ncrack for later)
  4. Test rules, check logs, and provide evidence they work.


Ticket 2: The warehouse manager requested VPN access for the employees. The firewall's VPN is not yet licensed or configured, but he wants the employees to have temporary access via other means. He asks you to make the web server and SSH service available for connection from remote networks.

  1. Set up a NAT port-forwarding rule that translates external SSH and HTTP requests to the internal IP address of the web server
  2. Test access to the web server from your physical host by accessing the website via the pfSense WAN interface
  3. Provide evidence that everything works


Ticket 3: The company's CISO decided to implement a detection and prevention system against known network attacks and put you in charge of the implementation. Set up a mechanism capable of detecting DoS and brute-force attacks and verify that it functions correctly.

  1. Verify that pfSense is up to date.
  2. Install Suricata IDS/IPS Package and Suricata Rulesets Package
  3. Configure custom rules to detect and alert abnormal traffic received by the WAN interface. (Rule sets provided)
  4. Run ncrack and hping3 against the WAN to verify the rules and alerts work correctly
  5. Provide evidence that everything works.



Endpoint Security

  1. Install ClamAV, configure it, download its signature database, and keep it updated (freshclam).
  2. Create a YARA rule that identifies the provided file as infected and add it to the ClamAV database.
  3. Create an allow-list signature database in ClamAV so the provided "malicious" test file is no longer flagged.

Honeypots

  1. Learn how the Modern Honey Network (MHN) works on a Linux machine and how to configure the Dionaea honeypot. Set up a Linux virtual machine, add an open-source honeypot, and attack it to trigger a rule.
  2. On a Windows 10 virtual machine, configure the Valhala honeypot to capture POP3 traffic.

Data Loss Prevention

  1. Examine data leak cases and study their implications.
  2. Become familiar with regular expressions and create regex patterns to extract necessary information.
  3. Install OpenDLP,  complete the initial configuration, and perform a scan. Use WinSCP to securely transfer files “remotely”.
  4. Base64-encode the provided file to bypass DLP controls and scan it again with OpenDLP (encoding is not encryption; a scanner that does not decode nested encodings simply never sees the data).
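Items 2 and 4 above fit together: regex patterns find the data, and base64 wrapping is the cheapest way to hide it from them. The following added example (my own code, not OpenDLP's) scans text for SSNs, card numbers and e-mail addresses, validates card candidates with the Luhn checksum to cut false positives, and unwraps base64 blobs recursively so the encoded "attachment" is still caught. The patterns and the sample document are constructed for the example.

```python
import base64
import binascii
import re
import string

# Constructed patterns; real deployments tune these per data type
PATTERNS = {
    "us_ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "credit_card": re.compile(r"\b(?:\d[ -]?){12,18}\d\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
}
# Base64 candidate: 16+ alphabet chars plus optional padding, not adjoining other alphabet chars
B64_RE = re.compile(r"(?<![A-Za-z0-9+/=])[A-Za-z0-9+/]{16,}={0,2}(?![A-Za-z0-9+/=])")
PRINTABLE = set(string.printable.encode("ascii"))
MAX_DEPTH = 3  # how many nested encoding layers to unwrap (double-encoding is a common trick)


def luhn_ok(number):
    """Luhn checksum: rejects digit strings that merely look like card numbers."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def try_decode_b64(candidate):
    """Decoded text if `candidate` is valid base64 that yields mostly printable ASCII, else None.
    The printability check stops a 16-digit card number from being 'decoded' into garbage."""
    if len(candidate) % 4:
        return None
    try:
        raw = base64.b64decode(candidate, validate=True)
    except (binascii.Error, ValueError):
        return None
    if not raw or sum(b in PRINTABLE for b in raw) / len(raw) < 0.9:
        return None
    return raw.decode("ascii", errors="ignore")


def scan(text, layer=0):
    """Find sensitive data in `text`; base64 blobs are decoded and scanned at layer+1."""
    findings = []
    if layer < MAX_DEPTH:
        def unwrap(match):
            decoded = try_decode_b64(match.group(0))
            if decoded is None:
                return match.group(0)  # not an encoded blob, keep it as text
            findings.extend(scan(decoded, layer + 1))
            return " "  # drop the blob so its characters aren't matched as text
        text = B64_RE.sub(unwrap, text)
    for kind, rx in PATTERNS.items():
        for m in rx.finditer(text):
            value = m.group(0)
            if kind == "credit_card" and not luhn_ok(value):
                continue
            findings.append({"type": kind, "value": value, "layer": layer})
    return findings


# Constructed document: plain-text secrets plus a base64-wrapped "attachment" (the bypass attempt)
SAMPLE_DOC = (
    "Quarterly notes\n"
    "Employee SSN: 123-45-6789, contact jane.doe@example.com\n"
    "Corporate card 4111 1111 1111 1111 on file\n"
    "Bogus number 1234 5678 1234 5678 should not match\n"
    "Attachment: "
    + base64.b64encode(b"payroll export: SSN 987-65-4321, card 5555555555554444").decode()
    + "\n"
)

if __name__ == "__main__":
    for f in scan(SAMPLE_DOC):
        print(f"layer {f['layer']}: {f['type']} -> {f['value']}")
```

Layer 0 findings are what a naive scanner sees; the layer 1 findings are the ones the base64 wrapper was meant to hide. Note that the 4111 and 5555 numbers are well-known test card numbers that pass Luhn, while the 1234 5678 sequence fails it and is correctly ignored.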

Mail Security

  1. Use the nslookup command to query DNS records for a specific domain. 
    1. Create an automated DNS reconnaissance script to fetch a domain’s DNS records.
    2. Attempt a DNS zone transfer (AXFR)
  2. Import a test POP3 server, connect to it using the POP3 protocol, and retrieve a series of messages (emails) using POP3 commands.
  3. Email Spoofing: Check whether a domain contains an SPF record. Send yourself a spoofed email from the domain and examine the results and the email headers.

Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR)

  1. Set up a virtual environment and learn how to use pfSense as a firewall/DHCP server.
  2. Configure Snort on pfSense and monitor ICMP traffic with custom rules.
  3. Install Splunk Enterprise on Linux, connect, and gather logs from Windows OS using Splunk Universal Forwarder.
  4. Forward Snort alerts to Splunk Enterprise and search for the logged events.
  5. Execute queries in Splunk to search for logged information about the system and display all logs of authentication failures
  6. Create custom fields to parse Splunk logs.
  7. Use different search operators(IN, AND, NOT, etc.) to filter log searches.
  8. Practice graph creation in Splunk using the provided advanced query techniques.
  9. Create custom alerts in Splunk using search results.
  10. Practice dashboard creation in Splunk to display information on a single screen.

IIoT & ICS (Industrial Internet of Things and Industrial Control Systems)

  1. Find ICS components in Shodan using search filters.
  2. Research the Mirai botnet attack and the Stuxnet worm
  3. Use binwalk and strings to identify the type of the provided firmware image, then emulate it with QEMU.
  4. Understand how to physically secure a home and an apartment and answer questions regarding the physical security of a home and an apartment.
  5. Understand how to physically secure an office building and answer questions regarding the physical security of an office building.
  6. Understand how to physically secure a military facility and answer questions regarding the physical security of a military facility.
  7. Acquire a better understanding of the diagrams.net web tool, create a new diagram and explore the features of diagrams.net.
  8. Draw a diagram of a secure architecture for an organization consisting of: 2 firewalls to create a DMZ, 3 routers, 2 switches, 20 workstations in four departments, a public web application server, a mail relay server, a Web Application Firewall, a SIEM server, a Web server database, a Honeypot, and DLP.
  9. Understand and explain how secure network architecture can prevent network attacks.


Objective: Connect to the Splunk system, investigate the events, and identify a suspicious message to obtain the flag.


Scenario: An organization's monitoring system identified suspicious download activity captured in a honeypot. The Splunk system recorded the event, but it cannot be accessed because its operator was recently let go from the company. You were hired as a security analyst not long after. The system administrator was able to give you access to the mail server and told you that all the data needed to access the Splunk system is stored on that server.


Steps:

  1. Inspect the provided environment.
  2. Note the message “POP3 is open!” and the provided credentials.
  3. Use Telnet to connect to port 110 and log in.
  4. List the existing emails and investigate them to search for information.
  5. Enter the URL found in the emails. (http://[Server IP]:8080). Log into the Splunk system.
  6. In the platform, search for records of the download attempt and investigate them to identify the potential sources.
  7. Access the located sources to search for interesting information in them.
  8. Decipher the messages located in the URLs and identify the flag. (Y0u D1d 1T!)


Introduction to Programming

  1. Install Python and PyCharm and write a program that prints messages to the screen.
  2. Become familiar with the customization options in PyCharm.

Data Types and Conditions

  1. Working with variables using different mathematical operations.
  2. Using basic conditional operators in Python.
  3. Using advanced conditions and basic error handling with out-of-range values. 
  4. Practice using a dictionary that stores predefined data a user can query. Construct an interactive script that returns which service is associated with a given port number.

Loops

  1. Practice how to create a range with various inputs in a loop. Write code in which the range function is modified in accordance with input from the user.
  2. Create nested lists and nested loops (a for loop inside a for loop).
  3. Work with input from users to control the program flow, and insert and retrieve the desired output. Construct an interactive script that asks the user for the name of a service and a port number, and assigns the values in a dictionary as a key-value pair.
  4. Practice creating code using while loops and conditions.
  5. Implement conditions to control infinite while loops. Create a script that will simulate a shopping experience.

File System & Error Handling

  1. Use try and except to handle code errors. Create a program that receives a number from the user and divides it by zero. As this operation is invalid, the program must handle the error accordingly.
  2. Practice handling error conditions that may occur in Python code. Write a program that calculates the product of four numbers provided by the user and prints the result. Use try and except statements to ensure that the program will not fail when the input is not a valid number.
  3. Write a script that will open a file, take input from a user, use the input to write text to a file, and exit on command.
  4. Create a script that will extract text from a file provided by the user and read one line at a time.
  5. Create a script that will perform a ping to 8.8.8.8 to verify that a network connection exists in the system and print a response accordingly.
  6. Write a script that will create a file and a directory using names specified by the user. Then list all files that exist in the directory.
  7. Use the base64 module to encode and decode a Base64 secret in Python and print the original message to the console.
  8. Write a script to copy a file in a directory and assign it a different file name.

Functions

  1. Practice creating functions, defining parameters, and performing mathematical calculations in Python. Write a script that acts as a basic calculator.
  2. Create multiple functions that return different list types based on user input and display their types.
  3. Understand how the scope of a variable influences its behavior and how it can be manipulated. Create global variables and try to make changes to them within a function.
  4. Understand the __name__ == "__main__" check and how to use it. Prepare a program that executes only when its main file is run directly.
  5. Create a game in which the user guesses a random number from 1-10 and receives a response based on correctness.
  6. Write a program that identifies items in a list of integers and other data types and prints only numbers within nested lists.
  7. Write a program that will print all files in a directory as well as the name and size of each file and iterate through any directories found.
  8. Understand object-oriented programming (OOP) and how to create classes in Python. Practice the implementation of object-oriented programming by creating a class and its attributes.

Network Communication

  1. Learn how to create a socket with Python and wait for a connection from a client. Run the required commands to create a listening server.
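As an added example of the listening-server exercise (my own code, not the course's), here is a minimal TCP echo server plus the client side of the exchange, with the three habits worth building from the first socket you write: bind to loopback rather than 0.0.0.0 unless you mean to expose the service, bound every read, and put a timeout on every connection. Port 0 lets the OS pick a free port so the demo runs anywhere.

```python
import socket
import threading

MAX_MSG = 1024  # bound each read so a client can't make the server buffer unbounded data


def handle_client(conn, addr):
    """Serve one client: read at most MAX_MSG bytes, echo them back, close."""
    with conn:
        conn.settimeout(5)  # a silent client must not hold a handler thread forever
        try:
            data = conn.recv(MAX_MSG)
        except socket.timeout:
            return
        if data:
            conn.sendall(b"echo:" + data)


def start_server(host="127.0.0.1", port=0):
    """Create the listening socket. Loopback by default; port 0 = any free port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(5)
    return srv


def serve(srv, max_clients=None):
    """Accept loop; each client gets its own thread. max_clients=None runs forever."""
    served = 0
    while max_clients is None or served < max_clients:
        conn, addr = srv.accept()
        threading.Thread(target=handle_client, args=(conn, addr), daemon=True).start()
        served += 1


def client_send(host, port, payload):
    """The client half of the exchange: connect, send, read one reply."""
    with socket.create_connection((host, port), timeout=5) as c:
        c.sendall(payload)
        return c.recv(MAX_MSG)


def demo():
    """Run server and client in one process and return what the client received."""
    srv = start_server()
    host, port = srv.getsockname()
    t = threading.Thread(target=serve, args=(srv, 1), daemon=True)
    t.start()
    try:
        return client_send(host, port, b"hello")
    finally:
        t.join(timeout=5)
        srv.close()


if __name__ == "__main__":
    print(demo())
```

To expose the server on the network for a lab, pass host="0.0.0.0" and a fixed port to start_server and call serve(srv) with no limit; nothing else changes.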

Python Final Project

Implement the skills learned to create an automated program that can be used in real-life scenarios: a program that detects active ARP spoofing attacks on a host by finding MAC addresses that appear more than once in the ARP table entries, and logs the result.
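The final project is worth showing end to end, so here is an added example (my own code, not the project submission) that parses the ARP table output of both `ip neigh` (Linux) and `arp -a` (Windows), reports MAC addresses claimed by more than one IP, and additionally compares the gateway's MAC against a known-good value, because a duplicate alone can be legitimate (a router with secondary IPs, VRRP, proxy ARP) while a changed gateway MAC is the classic poisoning symptom. The table samples are constructed; the live-table reader only runs when you call it.

```python
import logging
import platform
import re
import subprocess
from collections import defaultdict

# `ip neigh` line: "192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE"
LINUX_RE = re.compile(
    r"^(?P<ip>\d+\.\d+\.\d+\.\d+) dev \S+ lladdr (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.I
)
# `arp -a` line: "  192.168.1.1           00-11-22-33-44-55     dynamic"
WINDOWS_RE = re.compile(
    r"^\s*(?P<ip>\d+\.\d+\.\d+\.\d+)\s+(?P<mac>(?:[0-9a-f]{2}-){5}[0-9a-f]{2})", re.I
)

# Constructed samples: .1 (gateway) and .20 answer with the same MAC
LINUX_SAMPLE = """\
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.20 dev eth0 lladdr 00:11:22:33:44:55 STALE
192.168.1.50 dev eth0 lladdr aa:bb:cc:dd:ee:01 REACHABLE
192.168.1.77 dev eth0  FAILED
"""
WINDOWS_SAMPLE = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.20          00-11-22-33-44-55     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""


def parse_arp_table(output):
    """Map IP -> normalised MAC, skipping broadcast/multicast entries
    (their low-order bit in the first octet is set) since those repeat legitimately."""
    entries = {}
    for line in output.splitlines():
        m = LINUX_RE.match(line) or WINDOWS_RE.match(line)
        if not m:
            continue
        mac = m.group("mac").lower().replace("-", ":")
        if int(mac[:2], 16) & 1:
            continue
        entries[m.group("ip")] = mac
    return entries


def find_duplicate_macs(entries):
    by_mac = defaultdict(list)
    for ip, mac in entries.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def check(output, expected=None):
    """Return alert strings. `expected` maps IP -> known-good MAC (e.g. the gateway),
    so a changed gateway MAC alerts even when the attacker avoids a duplicate."""
    entries = parse_arp_table(output)
    alerts = [
        f"duplicate MAC {mac} claimed by {', '.join(ips)}"
        for mac, ips in find_duplicate_macs(entries).items()
    ]
    for ip, mac in (expected or {}).items():
        seen = entries.get(ip)
        if seen and seen != mac:
            alerts.append(f"MAC for {ip} changed: expected {mac}, table shows {seen}")
    return alerts


def read_live_table():
    cmd = ["arp", "-a"] if platform.system() == "Windows" else ["ip", "neigh"]
    return subprocess.run(cmd, capture_output=True, text=True, check=False).stdout


def monitor(log_path="arp_monitor.log", expected=None):
    """One monitoring pass over the live table; schedule it with cron or Task Scheduler."""
    logging.basicConfig(filename=log_path, level=logging.INFO,
                        format="%(asctime)s %(levelname)s %(message)s")
    alerts = check(read_live_table(), expected)
    for a in alerts:
        logging.warning(a)
    if not alerts:
        logging.info("ARP table clean")
    return alerts


if __name__ == "__main__":
    print(check(LINUX_SAMPLE, expected={"192.168.1.1": "de:ad:be:ef:00:01"}))
```

Record the gateway's real MAC once on a known-clean network and pass it as `expected`; that single baseline catches the attack the duplicate check can miss.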


Network Scanning

  1. Research publicly disclosed breaches, investigate how the companies and public were impacted, and learn what steps were taken to remediate or prevent future incidents.
  2. Use Nmap scanning techniques to locate the vulnerable target machine on the network and enumerate its services.
  3. Implement basic network scanning using Masscan.
  4. Perform different types of network scans using Nmap's GUI, Zenmap.
  5. Create a script that automatically finds the local network address and performs an ARP scan of it using Scapy.

On-Path Attacks

  1. Execute an ARP poisoning attack from a Kali Linux virtual machine to change values in the victim's ARP table.
  2. Use Bettercap to target a client's web browsing and redirect it to your own site via DNS spoofing.
  3. Use SSLStrip to downgrade a victim's HTTPS connections and sniff the information it sends in order to capture login credentials (sites that enforce HSTS are not affected by this downgrade).

Brute-Force Attacks

  1. Hash data with MD5 and recover the original input to learn why outdated, fast, unsalted hashes are weak.
  2. Understand how to extract a hash from a protected file and then crack the password with a cracking tool and a wordlist.
  3. Perform reconnaissance of an internal website to properly assess its security. Launch a brute-force attack on the website's login with Hydra to gain access, then crack the password on the locked RAR file.
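The rainbow-table item under Practical Cryptography and the MD5 wordlist cracking above rest on the same idea: an unsalted fast hash can be precomputed once and looked up forever. This added example (my own code, not the course's) builds a lookup table from a constructed wordlist, cracks an MD5 digest by lookup, and then shows that a random salt makes the same table useless, which is the mitigation the lab is teaching. A true rainbow table stores hash chains to trade time for space; the dictionary here is the simpler precomputation with the same weakness.

```python
import hashlib
import os

# Constructed wordlist standing in for something like rockyou.txt
WORDLIST = ["123456", "password", "letmein", "qwerty", "Summer2023!", "dragon"]


def build_lookup_table(words, algo="md5"):
    """Precompute digest -> word. Done once, reused against every unsalted hash."""
    return {hashlib.new(algo, w.encode()).hexdigest(): w for w in words}


def crack(target_hex, table):
    """O(1) lookup; returns the plaintext or None if the word was never precomputed."""
    return table.get(target_hex.strip().lower())


def salted_hash(password, salt, algo="md5"):
    """Same algorithm, but the per-user salt changes the digest so no shared table applies."""
    return hashlib.new(algo, salt + password.encode()).hexdigest()


def slow_hash(password, salt, iterations=600_000):
    """What a password store should use instead: a deliberately slow KDF.
    Each guess costs `iterations` HMAC rounds, so a wordlist run is no longer free."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def demo():
    table = build_lookup_table(WORDLIST)
    target = "5f4dcc3b5aa765d61d8327deb882cf99"  # MD5 digest of one word in WORDLIST
    cracked = crack(target, table)               # instant hit
    salt = os.urandom(16)
    salted = salted_hash(cracked, salt)          # same password, different digest
    return cracked, crack(salted, table)         # ("password", None)


if __name__ == "__main__":
    word, salted_hit = demo()
    print(f"unsalted MD5 cracked to: {word!r}; salted lookup result: {salted_hit!r}")
```

The salt is not secret, only unique: it is stored alongside the hash and forces the attacker to redo the precomputation per user, while the slow KDF makes each of those guesses expensive.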

Social Engineering

  1. Understand how to use the Social-Engineer Toolkit (SET) to clone a website and harvest credentials. Create a fake phishing site and capture credentials from a user.
  2. Implement a social engineering attack using a WinRAR self-extracting archive (SFX) that poses as a legitimate executable.

Infrastructure Attacks

  1. Assess the security of the Apache web server and OpenSSH versions with SearchSploit. Use Exploit Database and CVE Details to confirm the severity of each exploit and write a simple threat report with four parts: vulnerability name, date of discovery, CVSS score, and description.
  2. Use the Metasploit Framework (MSF) to scan for HSTS configuration and gain a remote shell on a provided Windows 7 VM. Implement a basic SMB attack using the built-in smb_login module in Metasploit.
  3. Understand how to bind a custom Trojan to a legitimate application. Create a payload with MSF, bundle it with AnyDesk, and gain control of a target's computer.
  4. Understand how to exploit a Windows 7 VM through SMB with EternalBlue (MS17-010). Execute the EternalBlue attack against a victim using Metasploit.

Windows Privilege Escalation

  1. Practice and implement local privilege escalation techniques on Windows 7 and their mitigations. Use the Windows repair environment to rename executables so that the OS launches CMD in their place.
  2. Understand how to create a user and hide its creation in order to maintain a backdoor.
  3. Practice and implement local privilege escalation techniques on Windows 10 and their mitigations. Use the Windows repair environment to replace the On-Screen Keyboard with the CMD prompt.

Linux Privilege Escalation

  1. Understand how to bypass authentication on a Linux system and how to mitigate it. Perform Linux local privilege escalation by editing the GRUB boot entry, then practice the mitigation by password-protecting GRUB.
  2. Perform privilege escalation on an Ubuntu box with Dirty COW (CVE-2016-5195). Use Dirty COW to escalate from an unprivileged remote shell to root on the Linux system.

Web Application Security Fundamentals

  1. Become familiar with HTTP headers, Apache service control, configuration files, and the browser's developer inspector. Customize a personal HTTP server with its own connection port and HTTP header.
  2. Learn how to configure Burp Suite to work with the browser and intercept HTTP traffic for manipulation. Use a Kali VM to intercept HTTP traffic and capture login credentials.

XSS and File Inclusion

  1. Become familiar with common XSS attacks on web pages. Implement common reflected and stored XSS attacks in a bWAPP(Buggy Web Application) virtual machine.
  2. Become familiar with Local File Inclusion (LFI) and Remote File Inclusion (RFI) vulnerabilities and understand how to leverage them for information retrieval. Implement an LFI attack on the bWAPP machine to access sensitive information on the server.
  3. Understand how to use an LFI attack to exploit an empty web page and become familiar with additional attack vectors. Identify an LFI vulnerability in a website and exploit it to obtain the flag.

SQL Injection

  1. Create and manipulate an SQL database using various commands. Create a database, display information stored in it, and extract information from it.
  2. Implement an SQL Injection attack and take advantage of queries to manipulate the database. Extract information from an SQL database and implement injection techniques.

Report Writing

  1. Gain hands-on experience creating a professional and detailed report of penetration testing conclusions. Work with bWAPP, exploit a vulnerability, and write a detailed report.




Copyright © 2023 Pate's PC Repair- All Rights Reserved.
