Course

Infosec Skills Challenge: April 2022

    Syllabus

  • MITRE ATT&CK – Resource Development – Webshells Lab — 00:30:00
    • In this lab, the student learns to develop and stage several webshells and how to determine which webshell should be uploaded to a web server. The compromised infrastructure is then used to deploy drive-by attacks.

  • MITRE ATT&CK – Reconnaissance – Mapping DNS Information Lab — 00:30:00
    • This lab entails a series of Mitre ATT&CK techniques and sub techniques with the aim of showcasing the possibility of intertwinement between them. The conjoining of the techniques is done in order to gather information on the victim’s networks and search freely on available technical databases for information which can be used during targeting.

      In order to enumerate DNS a general understanding of DNS and how it functions is required.

      Communication through the internet or private networks requires the identification and localizations of each host and their respective IP address. Nonetheless, remembering IP addresses for each host would be a lengthy and tedious task. Thus, each host is assigned a name known as the domain name. Additionally, the domain name is mapped with the corresponding IP address. The association between the domain name and the IP address is all defined by the Domain Name System (DNS) database. As such, DNS is essentially an internet phone book, which resolves the issue of human read web addresses to IP addresses.

  • MITRE ATT&CK – Resource Development – Malicious Linux Packages Lab — 00:30:00
    • Debian is a robust and reliable system that uses APT as its default package manager. The APT package manager handles how software packages are downloaded and installed on Linux systems, including Debian and Ubuntu. Unofficial package repositories replace any package they want freely, and there is no clear trust path between the user and the developer. The adversaries usually exploit Debian-based systems by creating malicious repositories for the APT packet manager and distributing them to the victims. Once exploited, the vector of attacks proprietary increases.

Syllabus

Course description

We’ve included three of our newest labs — each mapped to the MITRE ATT&CK® Matrix for Enterprise. To earn this month’s bounty, you’ll need to successfully progress from Reconnaissance to Resource Development in an attempt to compromise an organization’s infrastructure. Once you’ve unlocked your certificate of completion, share it on LinkedIn and tag our @Infosec profile for your chance to win a $100 Amazon gift card, Infosec hoodie and a free year of on-demand training with Infosec Skills!

You're in good company

CY

We use Infosec Skills to provide continuous training to our technicians and to prepare them for various certifications. Infosec Skills allows us to create personalized training programs that focus on each of our technicians’ particular roles and see their progress as they take courses. We also, recommend it to clients to make their IT support teams better.

Caleb Yankus

DS

This has been utilized to bridge the skills gap across our cyber team and to aid them as they prepare for their various certifications. It also has provided a nice learning foundation for our various cyber team members to utilize as we continue to find ways for cross-utilization with operations while minimizing the downtime needed to ensure everyone’s knowledge is the same.

Daniel Simpson

IS

We use Infosec Skills to provide base level knowledge for employees. We also use the services to provide in depth learning for employees as they encounter new technologies. If an employee is is assigned to a new project, we can rely on Infosec Skills to provide a rapid concentrated learning environment. This rapid concentrated learning positions our employees for success.

Infosec Skills Teams client

Plans & pricing

  • Infosec Skills Personal

    $299 / year

    • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
    • 100s of hands-on labs in cloud-hosted cyber ranges
    • Custom certification practice exams (e.g., CISSP, Security+)
    • Skill assessments
    • Infosec peer community support
  • Infosec Skills Teams

    $799 per license / year

    • Team administration and reporting
    • Dedicated client success manager
    • Single sign-on (SSO)
      Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
    • Integrations via API
      Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
    • 190+ role-guided learning paths and assessments (e.g., Incident Response)
    • 100s of hands-on labs in cloud-hosted cyber ranges
    • Create and assign custom learning paths
    • Custom certification practice exams (e.g., CISSP, CISA)
    • Optional upgrade: Guarantee team certification with live boot camps

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments

Award-winning training that you can trust

Comprehensive Cybersecurity Training - Infosec Skills
Cybersecurity Education and Training Gold Award - Infosec IQ
Top Rated Award - Infosec Skills
2021 G2 Summer - Leader - Tech Skills Dev, Online Course, eLearning Content
Top 20 Company - Online Learning Library