MITRE ATT&CK – Resource Development Cyber Range

Understanding how tools are built allow a user to modify those tools to their needs or create new tools for the task at hand. This lab teaches the user to re-create functionality of known tools such as Nmap and Netcat as well as tools that can be used for enumeration and vulnerability scanning.

Information Technology and its staff are committed to ensuring a safe and secure computing environment for employees and students. To this end, there are instances where computer accounts must be disabled to protect the account, its owner and to protect sensitive information that resides on administrative and academic computing resources. In some cases, compromise of these accounts can be caused by simple information leakage or profiling techniques, which give attackers the possibility to break in.

This lab incorporates a series of Mitre ATT&CK techniques and sub techniques to show several drive-by attack scenarios and learn how to identify them.

This lab incorporates a series of Mitre ATT&CK techniques and sub techniques to identify and access website resources that could contain information of value. That information will be used to compromise accounts and establish access to target servers.

Android Package (APK) is the Android application package file format. This package is used by the Android operating system and many other Android-based operating systems to distribute and install mobile apps, mobile games, and middleware. The APK files install apps on the system. Therefore, they pose a severe security threat. Adversaries with malicious intentions could modify the APK before prior to its installation and use it as a digital Trojan to install and run malware.

Debian is a robust and reliable system that uses APT as its default package manager. The APT package manager handles how software packages are downloaded and installed on Linux systems, including Debian and Ubuntu. Unofficial package repositories replace any package they want freely, and there is no clear trust path between the user and the developer. The adversaries usually exploit Debian-based systems by creating malicious repositories for the APT packet manager and distributing them to the victims. Once exploited, the vector of attacks proprietary increases.

This lab shows how to develop a stable Python-based Command and Control Server using the socket library and creating a reusable script which can be converted into an executable to be run on different targets.

Learn and create a Python-based keylogger utilizing Object-oriented programming principles to email the keystrokes to the user using a mail server as the information gathering unit.

This lab incorporates a series of Mitre ATT&CK techniques and sub techniques to show how they can be intertwined to steal saved credentials from firefox.

This lab entails a series of Mitre ATT&CK techniques and sub techniques with the aim of learning how a compromised web server can be used as a Command and Control server to launch attacks to other targets.

In this lab, the student learns to develop and stage several webshells and how to determine which webshell should be uploaded to a web server. The compromised infrastructure is then used to deploy drive-by attacks.