Cyber Range
Each lab in this Cyber Range covers a known technique or techniques that attackers use to compromise a system. By understanding the tactics and techniques used by attackers, offensive and defensive measures can be put in place to prevent and mitigate attacks.
The labs
Sandworm APT Lab 1
Sandworm APT is an advanced hacking group that has been active since at least 2009. Most famous for their attacks on Ukrainian electrical companies and the NotPetya attacks in 2016, they are a Russian-backed threat group. In this lab, we’ll take a look at and emulate some of the techniques that Sandworm has used in the past to compromise, pivot from, and destroy a server.
Advanced Adversary Tactics – Defense Evasion
This lab covers multiple techniques related to defense evasion including crashing an antivirus to avoid detection, modifying PAM to allow for a backdoored password, and going through multiple methods of identifying virtual environments.
Advanced Adversary Tactics – Privilege Escalation XSS
This lab will cover using XSS techniques to steal tokens from other users and using these tokens to escalate to admin privileges.
Advanced Adversary Tactics – Reconnaissance and Resource Development
The first steps of the MITRE ATT&CK chain focus on learning about a target and gathering information for future attacks. This sort of information gathering can be instrumental to the success of future operations. For example, learning that a target uses a standard IT management software could cause an APT to target this software in a supply-chain vulnerability attack later on. In this lab we’ll take a look at some of the social engineering techniques and tools that can help aid Reconnaissance and Resource Development.
Sandworm APT Lab 2
Sandworm APT is an advanced hacking group that has been active since at least 2009. Most famous for their attacks on Ukrainian electrical companies and the NotPetya attacks in 2016, they are a Russian-backed threat group. In this lab we’ll take a look at and emulate some of the techniques that Sandworm has used in the past to compromise, pivot from, and destroy a server.
Advanced Adversary Tactics – Persistence
This lab covers multiple techniques related to persistence including tampering with desktop autostart application, .bashrc files, trojanizing binaries, and infecting a USB drive.
Advanced Adversary Tactics – Persistence 2
This lab covers multiple techniques related to persistence including creating a malicious browser extension and modify system processes.
Advanced Adversary Tactics – Pivoting with Proxychains
This lab covers configuring and using proxychains to pivot between machines on a network. The lab simulates pivoting that might occur were a raspberry pi or similar device added to a network.
We use Infosec Skills to provide continuous training to our technicians and to prepare them for various certifications. Infosec Skills allows us to create personalized training programs that focus on each of our technicians’ particular roles and see their progress as they take courses. We also, recommend it to clients to make their IT support teams better.
Caleb Yankus
This has been utilized to bridge the skills gap across our cyber team and to aid them as they prepare for their various certifications. It also has provided a nice learning foundation for our various cyber team members to utilize as we continue to find ways for cross-utilization with operations while minimizing the downtime needed to ensure everyone’s knowledge is the same.
Daniel Simpson
We use Infosec Skills to provide base level knowledge for employees. We also use the services to provide in depth learning for employees as they encounter new technologies. If an employee is is assigned to a new project, we can rely on Infosec Skills to provide a rapid concentrated learning environment. This rapid concentrated learning positions our employees for success.
Infosec Skills Teams client