OWASP Top 10

This lab will cover using XSS techniques to steal tokens from other users and using these tokens to escalate to admin privileges.

This lab covers multiple secure coding errors commonly found in Python, including deserialization and XML based attacks.

CompTIA Security+ establishes the core knowledge required of any cybersecurity role and provides a jumping point to intermediate-level cybersecurity jobs. Security+ Lab incorporates best practices in hands-on trouble-shooting to ensure security professionals have practical security problem-solving skills. This Lab aids the CompTIA Security+ training set by providing several challenges specially crafted to convey the concept of Authentication Management and Access Control Schemes clearly and comprehensively.“AAA is a framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services.”

When using the Internet, users retrieve or share information. Depending on the application, purpose, and implementation methods, the need to provide data confidentiality, integrity, and authenticity emerges. To ensure these requirements are fulfilled and that only authorized parties have access to the data, the information transmitted over the Internet is obfuscated.

In this lab, students will learn how to identify, exploit, and finally mitigate a path injection vulnerability. By the end of this lab, a student will…1. Be able to identify code that allows for Path Injections.2. Be able to exploit said code to escalate from an unprivileged user to an administrator.3. Be able to implement a secure code solution.

A vast number of tools were developed to aid pentesters in identifying and exploiting vulnerabilities ranging from reconnaissance to scanning and persistence. Knowing which tool to use depends on the services running on the target and the vulnerabilities identified. One way to get this information is by using Nmap, a network mapper that identifies active hosts, open ports, software versions, and known vulnerabilities associated with the software.This lab uses Nmap scans and results to provide practical examples on identifying the right tools to use based on the services running on the target machine. The categories covered include:● Scanners● Credential testing tools● OSINT● Web proxies● Social engineering tools● Remote access tools● Networking tools● Mobile tools● MISC

In this lab you will learn about File Inclusion and Cross-Site Request Forgery attacks.File Inclusion vulnerabilities are caused when unvalidated input parameters are passed to back-end programming functions that access server files. The back end represents the server-side of the application, specifically its code and database. An attacker can change the file name in an HTTP request and include malicious scripts instead. Depending on the script, the attacker can:● Execute code on the server● Perform XSS attacks● Cause a Denial of Service (DOS)● Manipulate data● Access sensitive information……………………………………………………………………………………………………………….Cross-site request forgery (CSRF), also known as XSRF, Sea Surf, or Session Riding, is a vulnerability where unauthorized commands are submitted from a user that the web application trusts. The delivery mechanisms for CSRF attacks are similar to those for Reflected XSS. An attacker uses social engineering to trick the victim into sending a forged request to a server. The server does not block the request since it is made from an authenticated user.

In this lab you will walkthrough an example of both HTML and SQL injections.HTML injections are vulnerabilities created from poor coding techniques and failure to sanitize user input that allow attackers to inject malicious payloads into the website’s HTML code and modify its content. Based on the vulnerability, an attacker can change a few code lines, add entire forms that can then be used to trick users into providing sensitive information or change the website’s entire layout.SQL injection is a web security vulnerability that permits an adversary to inject malicious SQL statements in the queries that an application makes to its database. It allows an unauthorized entity to view data to which they should not have access, like other users’ information

This CTF mainly focuses on the forensic side of security, meaning that it will be on the defending part. Challenges can include file format analysis, steganography, memory dump analysis, or network packet capture analysis.

Infrastructures include different devices, topologies, logical constructions and separations, protocols, user authentication and monitoring services, logging, and security constructs. Maintaining security in such homogeneous environments means that several types of technologies, tools, and defense practices must be combined. Active defense practices aim to outmaneuver adversaries by implementing multiple layers of security and using offensive tools to prevent cyber attacks. These layers of security consist of decoy hosts and traps that are heavily monitored.

This lab showcases the importance of log files in maintaining security and identifying potential breaches and incidents. The lab also provides an overview of rule writing in Security Information and Event Management (SIEM) platforms, using logs that contain traces of a brute-force attack as an example.

Learn about access control lists (ACL), including file and directory ACLs, and default ACLs, as you practice in the Linux Cyber Range.

This lab incorporates a series of Mitre ATT&CK techniques and sub techniques to show how website enumeration can discover resources and underlying technology that the webserver is using

The student will complete challenges and learn about Padding Oracle Attacks, Server Side Template Injection, Union-based SQLi, Blind SQLi, and Use of a One-Way Hash with a Predictable Salt.

Public-facing or Internet applications are programs or systems that are available from within the internal network and accessible from the Internet. These applications are responsible for delivering services to the public or allowing access to the internal network.These applications are often connected to databases, standard services (such as SMB or SSH), and other applications with internet-accessible open sockets (such as web servers).

Broken Access Control is one of the most encountered security issues in web applications. This lab will show different versions and exploitation scenarios for this set of security issues.

This lab focuses on creating and assigning users to groups as well as changing the privileges of said users and groups.

This lab uses an FTP server to demonstrate some of the utilities of the FTP protocol as well as some of the weaknesses.

A comprehensive lab about how to use Node.js safely and build secure applications with it.

In this lab, students will apply the concepts called “Post-Exploitation, Command-and-Control, and SOCKS proxying with Metasploit” and perform the following tasks- We will create Windows malware using msfvenom- Host the malware using Metasploit’s “web_delivery” module and pythons “http.server” module.- Execute the malware on our Windows target to establish a reverse shell- Upgrade our basic reverse shell to the versatile Meterpreter payload- Use process migration to move to a more stable process that isn’t likely to be closed by the victim.- Use the Meterpreter to load additional functionality- Investigate privilege escalation opportunities- Harvest credentials via dumping the local Security Account Manager (SAM) to retrieve password representations (hashes)- Capture keystrokes to collect passwords- Take screenshots- Upload and download files- Modify malware metadata to fool investigators- Enabling wdigest- Load the Mimikatz “kiwi” meterpreter extension and capture credentials- Clear event logs