MITRE ATT&CK: Initial Access Cyber Range

Human Interface Devices(HID) include components like keyboard and mouse, which act as an interface between the machine and human beings.Rubber Ducky looks like a normal USB but is an HID. It finds use in various malicious situations; a malicious actor can use the rubber ducky to inject keystrokes into a system, hack a system, steal credentials, etc. This malicious act completes in seconds if the attacker manages to insert the Rubber Ducky into a computer physically.The strongest attribute of the rubber ducky is that it can bypass any Anti-Virus or FireWall. The reason that rubber ducky cannot get detected is that the computer does not consider HID devices malicious. Rubber Ducky itself can cause a lot of harm to a system, but can also open the way for other attacks. For example, an attacker can use the rubber ducky to disable a system's firewall then proceed with other attacks. It can also steal credentials from computers; via those credentials, it can compromise the victim's social media accounts, credit cards, etc.

The student will complete challenges and learn about Padding Oracle Attacks, Server Side Template Injection, Union-based SQLi, Blind SQLi, and Use of a One-Way Hash with a Predictable Salt.

Public-facing or Internet applications are programs or systems that are available from within the internal network and accessible from the Internet. These applications are responsible for delivering services to the public or allowing access to the internal network.These applications are often connected to databases, standard services (such as SMB or SSH), and other applications with internet-accessible open sockets (such as web servers).

Drive-by Compromise attacks rely on vulnerable users (targets) visiting the infected commonly used websites through which adversaries host malware. These attacks are increasingly becoming a problem due to the numerous malicious hacker groups emerging.

Broken Access Control is one of the most encountered security issues in web applications. This lab will show different versions and exploitation scenarios for this set of security issues.

Exploit a vulnerable Webmin application in order to attach a code snippet to a software product which is used to establish a remote connection.

Heartbleed is a vulnerability in OpenSSL; it allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and encrypt the traffic, the names and passwords of the users, and the actual content.

The Apache Log4j versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an adversary with permission to control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.

This lab incorporates a series of Mitre ATT&CK techniques and sub techniques to whos how adversaries can obtain and abuse credentials of existing accounts to gain Initial Access, Persistence, Privilege Escalation or Defense Evasion.