Cyber Range

MITRE ATT&CK – Resource Development Cyber Range

Resource development involves techniques of creating, buying, stealing, or compromising resources to carry out an attack.

The labs

Train hands-on

  • MITRE ATT&CK – Resource Development – Building Custom Tools

    Understanding how tools are built allow a user to modify those tools to their needs or create new tools for the task at hand. This lab teaches the user to re-create functionality of known tools such as Nmap and Netcat as well as tools that can be used for enumeration and vulnerability scanning.

  • MITRE ATT&CK – Resource Development – Web-based Command and Control Server

    This lab entails a series of Mitre ATT&CK techniques and sub techniques with the aim of learning how a compromised web server can be used as a Command and Control server to launch attacks to other targets.

  • MITRE ATT&CK – Resource Development – Python-based Keylogger

    Learn and create a Python-based keylogger utilizing Object-oriented programming principles to email the keystrokes to the user using a mail server as the information gathering unit.

  • MITRE ATT&CK – Resource Development – Malicious Linux Packages

    Debian is a robust and reliable system that uses APT as its default package manager. The APT package manager handles how software packages are downloaded and installed on Linux systems, including Debian and Ubuntu. Unofficial package repositories replace any package they want freely, and there is no clear trust path between the user and the developer. The adversaries usually exploit Debian-based systems by creating malicious repositories for the APT packet manager and distributing them to the victims. Once exploited, the vector of attacks proprietary increases.

  • MITRE ATT&CK – Resource Development – Establishing Accounts

    This lab incorporates a series of Mitre ATT&CK techniques and sub techniques to identify and access website resources that could contain information of value. That information will be used to compromise accounts and establish access to target servers.

  • MITRE ATT&CK – Resource Development – Compromising Accounts

    Information Technology and its staff are committed to ensuring a safe and secure computing environment for employees and students. To this end, there are instances where computer accounts must be disabled to protect the account, its owner and to protect sensitive information that resides on administrative and academic computing resources. In some cases, compromise of these accounts can be caused by simple information leakage or profiling techniques, which give attackers the possibility to break in.

  • MITRE ATT&CK – Resource Development – Webshells

    In this lab, the student learns to develop and stage several webshells and how to determine which webshell should be uploaded to a web server. The compromised infrastructure is then used to deploy drive-by attacks.

  • MITRE ATT&CK – Resource Development – Stored Firefox Credentials

    This lab incorporates a series of Mitre ATT&CK techniques and sub techniques to show how they can be intertwined to steal saved credentials from firefox.

  • MITRE ATT&CK – Resource Development – Python-based Command and Control server

    This lab shows how to develop a stable Python-based Command and Control Server using the socket library and creating a reusable script which can be converted into an executable to be run on different targets.

  • MITRE ATT&CK – Resource Development – Malicious APK

    Android Package (APK) is the Android application package file format. This package is used by the Android operating system and many other Android-based operating systems to distribute and install mobile apps, mobile games, and middleware. The APK files install apps on the system. Therefore, they pose a severe security threat. Adversaries with malicious intentions could modify the APK before prior to its installation and use it as a digital Trojan to install and run malware.

  • MITRE ATT&CK – Resource Development – Drive-by Scenarios

    This lab incorporates a series of Mitre ATT&CK techniques and sub techniques to show several drive-by attack scenarios and learn how to identify them.

No software. No set up. Unlimited access.

Skip the server racks and spin up a realistic environment with one click. lnfosec Skills cyber ranges require no additional software, hardware or server space so your team can spend less time configuring environments and more time learning. Unlimited cyber range access is included in every Infosec Skills subscription so your team can skill up however they learn best.

Plans & pricing

  • Infosec Skills Personal

    $299 / year

    • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
    • 100s of hands-on labs in cloud-hosted cyber ranges
    • Custom certification practice exams (e.g., CISSP, Security+)
    • Skill assessments
    • Infosec peer community support
  • Infosec Skills Teams

    $799 per license / year

    • Team administration and reporting
    • Dedicated client success manager
    • Single sign-on (SSO)
      Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
    • Integrations via API
      Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
    • 190+ role-guided learning paths and assessments (e.g., Incident Response)
    • 100s of hands-on labs in cloud-hosted cyber ranges
    • Create and assign custom learning paths
    • Custom certification practice exams (e.g., CISSP, CISA)
    • Optional upgrade: Guarantee team certification with live boot camps

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments

You're in good company

CY

We use Infosec Skills to provide continuous training to our technicians and to prepare them for various certifications. Infosec Skills allows us to create personalized training programs that focus on each of our technicians’ particular roles and see their progress as they take courses. We also, recommend it to clients to make their IT support teams better.

Caleb Yankus

DS

This has been utilized to bridge the skills gap across our cyber team and to aid them as they prepare for their various certifications. It also has provided a nice learning foundation for our various cyber team members to utilize as we continue to find ways for cross-utilization with operations while minimizing the downtime needed to ensure everyone’s knowledge is the same.

Daniel Simpson

IS

We use Infosec Skills to provide base level knowledge for employees. We also use the services to provide in depth learning for employees as they encounter new technologies. If an employee is is assigned to a new project, we can rely on Infosec Skills to provide a rapid concentrated learning environment. This rapid concentrated learning positions our employees for success.

Infosec Skills Teams client