CSX VIRTUAL CYBER ACADEMY: SELF-PACED TRAINING SUBSCRIPTION

A full year of continuous, hands-on cybersecurity training.

Difficulty: Multilevel

CSF Domain: All domains

$3,295.00

Price represents the non member rate.

Buy now

Buy Early and Save $500!

Now just US $2,995 members/US $3,295 non-members!

Regularly US $3,495 for ISACA members/US $3,795 for non-members for one year

Offer good through 31 October 2018.

Save even more on the Self-Paced Subscription and other CSX products as an ISACA member! If you are already a member, make sure to add your ISACA ID to your Nexus profile to take advantage of your membership benefits and generate your discounted member price. If you are not yet an ISACA member, click here for more information on membership and to purchase. Be sure to bookmark this page so that you can return once you have completed your purchase. At that point, you will need to follow the steps above to receive your discount.

Summary

The Cybersecurity Nexus (CSX) Virtual Cyber Academy is a comprehensive, real-world training solution designed to help cybersecurity professionals build real technical skills by learning to combat real threats in a live, dynamic network environment. Train whenever and wherever you want, with 24/7 access and a cloud-based learning platform.

We will help you stay on top of current threats, and the latest tools and techniques to handle them, with a full year of unlimited access to our extensive library of practice labs and instructional, 16-hour courses.

You will have access to more than 90 labs, spread out over multiple subject matter-specific courses and lab volumes. Each lab features performance-based scoring, with immediate success metrics at the end of each lab, so you will be able to measure your progress throughout training.

With continuous updates and the addition of new labs and courses throughout the year, you will not only have access to our existing catalog, but you will have access to new courses and labs added within your subscription period.

Click through the menu below to see everything currently available and included in your CSX Virtual Cyber Academy subscription and to take a closer look at what you will learn:

These virtual, self-paced instructional courses will help you build real technical skills through hands-on learning in a live and dynamic network environment. Each course offers detailed instruction and guidance, along with hands - on lab work - in a comprehensive 16-hour virtual format. Learn at your own pace and track your progress along the way, with performance-based scoring of every effort. Earn up to 80 hours of continuing professional education (CPE) credits with currently-available courses, and much more by year-end!

Courses are presented in the suggested order in which they should be taken.

The Cybersecurity Nexus (CSX) Packet Analysis Course (CPAC) provides students an understanding of packet and protocol analysis. Students will work with real network traffic captures in real environments and will analyze different communication types and their components. Upon completion, students will be able to passively analyze packet captures and create network topologies and device characterizations - valuable traits in the cybersecurity field.

16

Continuing Professional Education (CPE) Credits

Course Content and Labs

Lesson What is Packet Analysis?

In this lesson, students will:

  • Gain familiarization with the OSI model
  • Understand the role of packets in online communications
  • Identify when the application of packets is appropriate
  • Understand the basic composition of a packet

Lesson Tools of the Trade

In this lesson, students will:

  • Understand the basics of tapping the network
  • Understand the options available for packet analysis software
  • Demonstrate a basic understanding of Wireshark and its capabilities

Lesson Common Protocols

In this lesson, students will:

  • Understand the definition of protocol
  • Understand the definition of port
  • Understand specific protocols which help conduct packet analysis
  • Identify which protocols are helpful for device characterization
  • Identify which protocols are helpful for network mapping

Lesson Data Manipulation

In this lesson, students will:

  • Understand where to find packets
  • Understand how to capture packets in Wireshark
  • Understand how to filter certain types of data

Lab/Instructional Protocol Parsing

Students will leverage Wireshark to identify basic information from a packet capture.

Lab/Instructional ARP Analysis

Students will leverage Wireshark to identify dissect and understand ARP packets.

Lab/Instructional Initial Connection

Students will leverage Wireshark to identify dissect and understand the type of network activity associated with Internet Control Messaging Protocol (ICMP) and traceroute activity.

Lesson Device Characterization

In this lesson, students will:

  • Understand what types of devices emit packets
  • What unique identifiers those devices have
  • How to find those unique emitters in a packet collection
  • How to characterize those devices

Lab/Instructional Interesting Searches

Students will learn how to conduct packet analysis to identify the types of searches which devices are executing on their network.

Lab/Challenge Additional Pets

Based on what students have learned, thus far, they are challenged to conduct preliminary analysis on a provided packet capture in order to ascertain information about the device and individual using it.

Lab/Instructional GET Request and Response Dissection

Understanding the user-agent affiliated with devices allow analysts to assess what kind of devices are on their network of responsibility. This course will show students how to properly evaluate a user-agent and characterize a system. Additionally, it will illustrate how to gain contextual information from GET Requests and server responses.

Lab/Challenge Nefarious Employee

Using the skills learned thus far in the course, students will characterize the traffic and device of a potentially nefarious employee, suspected of selling company secrets.

Lab/Instructional Playing Around

This lab leverages all of the Wireshark filters and methods presented in the course thus far to show a student how to characterize network traffic and an individual on the network.

Lesson Wireless Packets

In this lesson, students will:

  • Understand the wireless medium on a basic level
  • Understand how to collect wireless packets
  • Understand how to analyze wireless packets

Lab/Instructional Probe Request Analysis

This lab leverages demonstrates how to analyze a probe request. Students learn what key information can be pulled out of a probe request about a device and a wireless network.

Lab/Challenge Beacon Analysis

This lab leverages requires students to leverage the skills and filters learned in the probe request lab and use them to analyze a captured beacon packet.

Lesson Network Topology

In this lesson, students will:

  • Understand how to map networks based off packet collection
  • Corroborate dataflow and protocol usage
  • Create a visual network map of the collected data

Lab/Instructional Network Topology

Understanding how to create a network map from a provided packet capture is important for individuals desiring to gain a better understanding of a network, but are prohibited from disrupting the network by introducing packets into the medium.

Lab/Instructional Wireless Network Topology

Using the skills you have learned so far, create a network topology (netmap) of the 192.168.1.0 network in the provided packet capture. Successful completion of the lab will demonstrate the comprehension of all labs up to this point.

Lesson Threat Analysis

In this lesson, students will:

  • Understand specific threats against a network
  • Comprehend unique traits inherent to defined threats
  • Understand how to identify specific threats via packet analysis

Lab/Instructional Blaster Worm Analysis

Understanding how systems become infected and recognizing affiliated packets is an important skill for incident responders and IT personnel. In this lab, students will analyze a Blaster worm infection's affiliated packets.

Lesson Mobile Analysis

In this lesson, students will:

  • Identify mobile devices via packet analysis
  • Identify mobile apps via packet analysis
  • Understand how these systems are inherently vulnerable
  • Identify methods through which they may be exploited

Lab/Challenge Rogue Access Point and Mobile Analysis

Students will identify and characterize the rogue access point that is connected to a network of responsibility. They will also assess the traffic on the access point to determine what type of device is using it and what that device is doing.

Lesson Brining it All Together

In this lesson, students will:

  • Device Characterization
  • Mobile Identification
  • Netmapping
  • Wireless Assessment
  • Attack Recognition

Lab/Challenge Complete Netmap and Device Characterization

Students will leverage all of the skills learned in this course to provide in-depth analysis of a provided capture. Final submissions will include a complete network topology and a fully characterized device.

The Cybersecurity Nexus (CSX) Linux Application and Configuration (CLAC) course provides students an understanding of Linux operating systems, commands, and capabilities. Students will work with real Linux systems in real environments and will leverage commands, applications, and toolsets to complete tasks in a cybersecurity environment. Upon completion, students will be able to proactively leverage Linux to navigate, connect, and enhance business systems and networks - valuable traits in the cybersecurity field.

16

Continuing Professional Education (CPE) Credits

Course Content and Labs

Lesson Introduction to Linux

In this lab, students will:

  • Obtain an overview of Linux
  • Understand what types of Linux exist
  • Learn what constitutes a Linux variant
  • Understand the shell
  • Learn the basics of the Linux directory structure

Lab/Instructional Installing Linux

The start of the CLAC course, students will learn how to install and start using Linux Mint, a user-friendly operating system variant. In this lab, students will:

  • Install, partition, and set up Linux Mint
  • Understand the Linux file system by navigating the Graphical User Interface (GUI)

Lesson The Shell and Navigation

In this lab, students will:

  • Learn detailed information about the shell
  • Identify key navigation commands
  • Learn how to implement basic commands

Lab/Instructional Shell and Navigation

Students are introduced to basic commands which they can leverage in the Linux command line interface (CLI). In this lab, students will:

  • Use basic commands to further understand the Linux file system
  • Use commands to create, remove, and copy files

Lab/Instructional Files, Directories and, Information

Students are provided an opportunity to demonstrate their ability to execute basic Linux terminal commands and navigate different directories. In this lab, students will:

  • Demonstrate their knowledge of information from the first two labs (using Linux GUI and CLI) to execute the appropriate commands.

Lesson Files and Standard I/O

In this lab, students will:

  • Learn about hard and symbolic links
  • Implement more advanced commands
  • Manipulate files and file contents
  • Redirect the Linux Standard Input/Output

Lab/Instructional Files and Standard I/O

Students are introduced to the standard input and output capability of the Linux terminal and learn additional commands which will help them leverage Linux effectively. In this lab, students will:

  • Understand Linux standard input and output by using additional commands in the terminal

Lesson Command Line Interface (CLI) Tricks, User Management and Services

In this lab, students will:

  • Learn about bash history
  • Utilize TAB-Autocomplete functionality
  • Switch between consoles for multi-tasking
  • Environment Variables
  • Add and remove Users and Groups
  • Learn to services

Lab/Instructional Command Line Interface (CLI) Tricks

Students learn additional Linux terminal commands which better enable understanding of bash history and environment variables. In this lab, students will:

  • Execute commands to reveal bash history
  • Use tab completion to make navigation easier
  • Understand how environment variables are stored and used

Lab/Instructional Services and Users

Students will learn the how user and group accounts work within the Linux environment and how they impact files and file permissions. In this lab, students will:

  • Understand the importance of users, groups, and file permissions
  • Start, stop, and check the status of services within Linux

Lesson Networking in Linux

In this lab, students will:

  • Setup a network interface controller (NIC) within the CLI
  • Edit networking configuration files
  • View routes and networking rules
  • Monitor Network Functionality

Lab/Instructional Networking

Students learn various networking commands and gain a deeper understanding of the networking capabilities within Linux. In this lab, students will:

  • Use networking commands and tools to connect to various servers

Lab/Instructional Users and Networking

Students will demonstrate their ability to leverage key Linux commands learned thus far in the course, creating users, variables, and network connections. In this lab, students will:

  • Use previous labs to create users and environment variables on their own
  • Use previous labs to establish a network connection

Lesson Package Management, Archives and Compiling

In this lab, students will:

  • Explore the aptitude package management system
  • Use Aptitude to find, install, and remove packages.
  • Conduct File Management with Archive Utilities
  • Compile an executable

Lab/Instructional Package Management, Archives and Compiling

Students learn how package managers function and how to compress and archive files using TAR. Additionally, they will learn how to compile source code. In this lab, students will:

  • Understand Aptitude's package management system
  • Archive files using TAR
  • Compile source code

The Cybersecurity Nexus (CSX) Network Application and Configuration (CNAC) course provides students a fundamental understanding of how to establish, enhance, and enable organizational networks. Students will work with real networks in real environments and will leverage real tools, techniques, and skills to complete tasks in a cybersecurity environment. Upon completion, students will be able to set up networks, troubleshoot issues, and mitigate specific network-based attacks– valuable traits in the cybersecurity field.

16

Continuing Professional Education (CPE) Credits

Course Content and Labs

Lesson Introduction to Networking Concepts

In this lab, students will:

  • Understand the OSI and DoD TCP/IP models
  • Review commonly used ports and protocols
  • Understand various network types
  • Review network topologies and media types

Lab/Instructional Initial Configuration

As an employee new to the field of the technical side of networks, it is your responsibility to get a basic understanding of initializing and configuring a pfSense router. In this lab, students will set up a pfSense configuration. In this lab, students will:

  • Configure a pfSense box using its web user interface

Lab/Instructional Router Familiarization

Without understanding the command line interface (CLI) or the graphical user interface (GUI) of an organizations gateway and firewall, you will find yourself lost in confusion when an incident occurs. It is your responsibility to understand how to bounce back if need be. In this lab, students will:

  • Gain an understanding of the pfSense command line interface
  • Familiarize yourself with the Web Interface and functionality

Lesson IP Addressing

In this lab, students will:

  • Understand the OSI and DoD TCP/IP models
  • Review commonly used ports and protocols
  • Understand various network types
  • Review network topologies and media types

Lab/Instructional Setting up a LAN and a WAN

Understanding the difference between a Wide Area Network (WAN) and Local Area Network (LAN) connection is pivotal to cybersecurity analysts and network engineer's alike. In this lab, students will set up and conduct basic configuration of a WAN and LAN interface on a gateway. In this lab, students will:

  • Create and set up the LAN segment of your network
  • Create and set up the WAN segment of your network
  • Create and set up the DMZ segment of your network

Lab/Instructional Connecting Clients

Cybersecurity professionals understand that most clients do not magically connect to a network unless Dynamic Host Configuration Protocol (DHCP) is involved. Even then, the use of DHCP needs to be established at key points within a network and requires configuration. In this lab, students will:

  • Setup a client on a network
  • Setup a web server on a network

Lab/Instructional Connecting Clients

Cybersecurity professionals should be able to set up and back up their router and firewall configurations in the event of an incident. Ensuring that these backups are on hand is pivotal, yet, more important is that they exist in the first place. In this lab, students will:

  • Set up a LAN
  • Set up a WAN
  • Set up a DMZ

Lesson Network Threats and Response

In this lab, students will:

  • Security weaknesses of networks
  • Identification of threats and vulnerabilities
  • Security Assessments and Testing
  • Common threat types
  • Tools used to monitor and protect network assets

Lesson Security Mechanisms

In this lab, students will:

  • Learn the importance of network security mechanisms
  • Identify and implement various system hardening techniques
  • Determining security that meets your needs
  • Identify commonly targeted entry points

Lab/Instructional Basic Configuration

Simply providing connectivity to an organization is insufficient when considering cybersecurity implications. Ensuring that a firewall is properly configured will guarantee a higher degree of safety when organizational users access to network resources. In this lab, students will:

  • Block a specific port on a network
  • Block traffic from the DMZ
  • Block traffic from the LAN

Lab/Instructional Port Forwarding and VPN Setup

Many organizations make use of virtual private networks (VPNs) to protect data coming into and leaving the network. Many remote workers, for example, rely on VPNs to ensure that they can securely work on a corporate network from a distance. In this lab, students will:

  • Configure a VPN tunnel
  • Configure port forwarding rules

Lab/Instructional Exploitation Identification and Response

Identifying when an exploitation is on a network is one of the key abilities which separates a cybersecurity professional from other IT work roles. Identifying when an exploit is sending data out of a network of responsibility and stopping the data leakage ensures that organizations can safely commence disaster recovery proceedings without losing additional data. In this lab, students will:

  • Conduct network log analysis
  • Lockdown the network via the firewall
  • Lockdown the network on the client side

Lesson Backup and Recovery

In this lab, students will:

  • Understand the importance of network availability
  • Identify common issues that must be overcome
  • Review a variety of storage approaches
  • Understand the importance of patch and update management

Lab/Instructional Detecting, Responding, Recovering from a Network Attack

Students have learned a myriad of networking skills throughout this course and this final challenge will require them to critically apply all of their newfound talents to an incident occurring on their network of responsibility. In this lab, students will:

  • Identify the active threat on the network
  • Utilize the active threat on the network

The Cybersecurity Nexus (CSX) Penetration Testing Overview (CPTO) course provides students an introductory understanding of penetration testing and ethical hacking. Students will work with real systems in real environments and will leverage real vulnerability analysis and exploitation tools in a live environment. Upon completion, students will understand the overall concepts guiding penetration testing from a practical, hands-on vantage point.

16

Continuing Professional Education (CPE) Credits

Course Content and Labs

Lesson Introduction to Penetration Testing

In this lab, students will:

  • Understand an ethical hacking overview
  • Learn the methodology
  • Note the essential hacking tools
  • Learn basic Linux commands

Lab/Instructional Linux Shell and Commands

The Unix bourne-again shell, also known as Bash, is a command processor that runs in the Kali Linux terminal. Bash scripting and command execution is the foundation of penetration testing. In this lab, students will:

  • Use Kali Linux in order to begin their penetration testing journey
  • Execute commands in order to create a foundation for this two-day series

Lesson TCP/IP Basics

In this lab, students will:

  • Learn both network vulnerabilities and network based attacks
  • Understand basics of TCP/IP Protocol
  • Understand basic commands to get network and process information
  • Learn network-based commands

Lab/Instructional TCP/IP Basics

In Linux, viewing and configuring network connections is not only a fundamental aspect of computer and network security, but it is also an essential piece of the penetration testing infrastructure. In this lab, students will:

  • Use Kali Linux in order to continue their penetration testing journey
  • Execute commands in order to understand the networking side of not just penetration testing, but also Linux as a whole

Lesson Reconnaissance

In this lab, students will:

  • Learn information gathering techniques
  • Learn about reconnaissance tools
    • Maltego
    • Shodan
    • Google Hacks
    • Recon-NG
  • Identify and map networks
  • Use packet analysis tools

Lab/Instructional Packet Inquiry

Wireshark is a free and open source network protocol analyzer that is both efficient and effective. In Kali Linux, packets are captured in Wireshark by penetration testers and cybersecurity professionals on a daily basis. In this lab, students will:

  • Use Kali Linux to ping an Ubuntu server
  • Use Kali Linux to connect to an Ubuntu server via FTP
  • Use Wireshark to analyze the ICMP and FTP packets that they generated

Lab/Instructional Network Discovery

Again, Wireshark is a free and open source network protocol analyzer that is both efficient and effective. It is necessary for penetration testers to understand the packets that are traversing through a network segment while discovering network hosts and navigating to websites. In this lab, students will:

  • Use Kali Linux to navigate to nexus.isaca.org
  • Use Kali Linux to conduct a ping sweep in order to find the default gateway
  • Use Wireshark to analyze the TCP packets outlining a three-way handshake

Lesson Enumeration

In this lab, students will:

  • Use the Network Mapper and its associated GUI version, Zenmap
  • Learn basic TCP/IP services and version in relation ports and their states
  • Understand the relation between traffic and packets
  • Get a hands-on learning experience of the TCP three-way handshake

Lab/Instructional Service Enumeration

The CLI tool, nmap, and its GUI counterpart, Zenmap, are both extremely important when it comes to identifying and enumerating network hosts, ports and services, and more. In this lab, students will:

  • Use Kali Linux to conduct a few different nmap scans of the LAN network
  • Use Kali Linux to conduct a Zenmap intense (plus UDP) scan of the LAN network
  • Use Wireshark to analyze the UDP packets generated

Lesson Vulnerability Identification

In this lab, students will:

  • Identify vulnerabilities
  • Check out the National Vulnerability Database (nvd.nist.gov)
  • Check our an example exploit repository (exploit-db.com)
  • Use vulnerability assessment tools
  • Be introduced to the Metasploit Framework
  • Use Metasploit auxiliary modules to identify credentials allowing access to TCP/IP Services

Lab/Instructional Network Vulnerability Identification

Metasploit is a software project that is arranged for penetration testing. Metasploit provides essential information about computer and network security vulnerabilities and helps users exploit machines. In this lab, students will:

  • Use Kali Linux to start the database's essential services
  • Use the Metasploit Framework console to fetch MySQL and Tomcat usernames and passwords from a remote system

Lab/Instructional Vulnerability Exploitation

Using the results of an exploit to enable another exploit is something penetration testers do on a daily basis. Once their exploits take them deep enough into a remote system, using MySQL syntax to navigate a MySQL database can be a crucial skill when they're in search of information. In this lab, students will:

  • Use information from the previous lab to enable deeper MySQL and Tomcat exploits
  • Navigate a MySQL database and become familiar with MySQL syntax

Lesson Reporting

In this lab, students will:

  • Verify findings via TCP/IP analysis
  • Review configurations
  • Analyze root cause
    • Configuration Management
    • Hardening Process
    • Build/Deployment Process
    • Patch Management
    • Vulnerability Management (Assessment/Remediation)

Lesson Security Controls

In this lab, students will:

  • Analyze network security assessment areas
  • Learn security architecture & design
  • View firewall technologies
  • Note switch, VPN, and VLAN security
  • Analyze IDS and IPS
  • Assess wireless security

Lesson Evidence Removal

Removing evidence, also known as covering your tracks, is the last step in penetration testing. Although it is the last step, it is by far not the least important. In this lab, students will:

  • Use Kali Linux to remotely remove logs and bash history from a Metasploitable machine
  • Use Kali Linux to remove command history from a Metasploit Framework console session

Lab/Challenge Challenge 01

This challenge is based on the first four labs of this series. This lab reflects the Identify domain of penetration testing. In this lab, students will:

  • Execute commands to understand local settings in Kali Linux
  • Use Kali Linux to ping an Ubuntu server
  • Use Kali Linux to conduct a LAN ping sweep
  • Use Wireshark to analyze the traffic captured in the above steps

Lab/Challenge Challenge 02

This challenge is based on the last four labs of this series. This lab reflects the Identify, Detect, and Recover domains of penetration testing. In this lab, students will:

  • Use Kali Linux to run a LAN nmap version scan
  • Use the Metasploit Framework console to identify credentials to a remote machine's service
  • Use the Metasploit Framework console to exploit a remote machine
  • Cover tracks by erasing logs

The Cybersecurity Nexus (CSX) Vulnerability and Exploitation Course (CVEC) provides students, who possess a basic understanding of penetration testing, a deeper understanding of vulnerability identification and exploitation capabilities. Students will work with real systems in real environments and will leverage real vulnerability analysis and exploitation tools in a live environment. Upon completion, students will understand the how to successfully exploit and maintain a presence within information systems.

18

Continuing Professional Education (CPE) Credits

Course Content and Labs

Lesson Open Source Research

In this lab, students will:

  • Gain an insight into terminology
  • Understand the process of Footprinting
  • Be able to conduct open source research on a target
  • Become familiar with Google "Hacks"
  • Learn the syntax for commonly used open source tools in Kali Linux

Lab/Instructional Footprinting

This lab instructs students on the basics of open source researching a target domain. In this lab, students will:

  • Conduct Google Hacks queries on a target domain.
  • Discover hidden pages within a domain
  • Record results into a document

Lesson Initial Vulnerability Scan

In this lab, students will:

  • Discover the techniques used to identify a known vulnerability
  • Learn what Vulnerability Scanning is
  • Become familiar with the installation and setup process of OpenVAS
  • Prepare for the Vulnerability Scanner setup lab

Lab/Instructional Initial Vulnerability Scan Setup

OpenVAS is a popular open-source vulnerability scanner and management tool. One of the tools included with OpenVAS is the Greenbone Security Assistant (GSA), a web application which connects to the OpenVAS manager daemon to provide a GUI for vulnerability management. In this lab, you'll become familiar with how these tools work and how to use them. In this lab, students will:

  • Verify OpenVAS was installed correctly
  • Use the Greenbone Security Assistant to create Targets and Tasks
  • Perform a vulnerability scan on the Metasploitable VM

Lesson Vulnerability Identification

In this lab, students will:

  • Learn to research vulnerabilities
  • Identify the severity of vulnerabilities
  • Find the patch levels of various operating systems:​
    • Linux
    • OSX
    • Windows

Lab/Instructional Vulnerability Analysis

Conducting a vulnerability scan is important. In this lab, students will learn how to interpret the results from the vulnerability scans. In this lab, students will:

  • Analyze Past Vulnerability Reports
  • Conduct Research using Exploit-DB
  • Conduct Research using the Metasploit Framework

Lesson Basic Exploitation

In this lab, students will:

  • Discover the details of the VSFTP backdoor vulnerability
  • Learn the Metasploit Options of this exploit
  • Run this exploit against a target to gain unauthorized access

Lab/Instructional Initial Exploitation

It's important to realize not all exploits require scripted code and payloads. Sometimes a simple Nmap scan - coupled with a Telnet connection and a clever username - is all you need! In this lab, students will:

  • Use banner grabbing to footprint a system.
  • Access the Metasploitable VM via a backdoor
  • Generate a report on the target using information discovered through backdoor access

Lesson Privilege Escalation

In this lab, students will:

  • Learn about privileges on a system
  • Remote copy and compile local exploit
  • Utilize local exploits to escalate privileges on a system
  • Create Netcat listeners to receive connections from exploit

Lab/Instructional Privilege Escalation

Privilege escalation exploits are one of the most common exploit types. By exploiting flaws in the OS, this type of exploit allows a user to elevate their level of system access. Once elevated, a user can make permanent changes and gain control of the vulnerable system. In this lab, students will:

  • Create a Netcat port listener for the privilege exploit backdoor callback
  • Compile the exploit C code and make the compiled code executable
  • Gain backdoor access to Metasploitable and confirm privilege escalation

Lesson Backdoor Implants

In this lab, students will:

  • Learn about backdoor access to a system
  • Create backdoors using netcat​

Lab/Instructional Backdoor Implementation

This lab will take students through creating backdoors in systems as well as implementing inadvertent backdoors and exploitations. In this lab, students will:

  • Create listening ports for backdoor access
  • Utilize exploits and inadvertent backdoors

Lesson Covering Tracks

In this lab, students will:

  • Learn about covering tracks from a system intrusion
  • Use system commands to modify date/time stamps on files
  • Search log files for evidence
  • Delete evidence from log files

Lab/Instructional Covering Tracks

When a system is accessed, either by normal or clandestine operations, evidence is left behind in log files. Sanitation of those log files is important to cover up any activity that had taken place. In this lab, students will:

  • Change timestamps of files
  • Sanitize log files
  • Utilize Armitage

Lesson System Exploration

In this lab, students will:

  • Learn about possible valuable information a system.
  • Find the locations of password files on a system.
  • Crack passwords.
  • Discover open network file shares.

Lab/Instructional Deeper Exploration

Once a system has been compromised with administrator level access all sensitive system information is available to the attacker. In this lab, we'll take you through obtaining that system information. In this lab, students will:

  • Exfil and crack password files
  • Exfil system configuration files
  • Exfil other sensitive system information

Lab/Challenge Challenge

This is a challenge lab for the CVEC series which is based on the materials covered in the previous 8 labs. In this lab, students will:

  • Scan the Metasploitable VM with GSA
  • Identify a backdoor in Metasploitable
  • Access the backdoor using Netcat

The Cybersecurity Nexus (CSX) Advanced Exploitation Course (CAEC) provides students, who possess an in-depth understanding of penetration testing, a deeper understanding of traversing complex networks. Students will work with real systems in real environments and will leverage real exploitation and pivoting tools in a live environment. Upon completion, students will understand the how to successfully exploit and move through a number of hosts on a network.

16

Continuing Professional Education (CPE) Credits

Course Content and Labs

Lesson Pivoting and Tunneling

In this lesson, students will:

  • Learn about data redirection basics
  • Gain an understanding of different pivoting techniques

Lesson SSH Tunneling

In this lesson, students will:

  • Learn about SSH port forwarding
  • Pivot through an SSH tunnel
  • Exploit through an SSH tunnel
  • Pivot through multiple devices using SSH

Lab/Instructional SSH Tunnel Implementation

In this lab, students will:

  • Use Kali Linux to create SSH tunnels in order for a LAN machine to communicate with a DMZ server
  • Enumerate Services via an SSH tunnel
  • Exploit a device via an SSH tunnel

Lab/Instructional Multiple SSH Tunnel Exploitation Implementation

In this lab, students will:

  • Pivot through multiple devices using SSH tunnels
  • Enumerate services through multiple devices
  • Utilize Metasploit to exploit a remote system via multiple tunnels.

Lesson Metasploit PortProxy

In this lesson, students will:

  • Learn about the PortProxy Metasploit module
  • Interact with Meterpreter
  • Pivot through Windows hosts
  • Run exploits through PortProxy

Lab/Instructional Metasploit PortProxy Implementation

In this lab, students will:

  • Use PortProxy to establish multiple pivot points.
  • Redirect port scans to a target machine
  • Establish a backdoor on the target machine via pivot points

Lesson Meterpreter Autoroute Implementation

In this lesson, students will:

  • Learn about Meterpreters AutoRoute function.
  • Pivot using AutoRoute
  • Run exploits through AutoRoute

Lab/Instructional Autoroute Implementation

In this lab, students will:

  • Use metasploit to gain perimeter access.
  • Use AutoRoute to pivot through network.
  • Exploit through AutoRoute.

Lab/Instructional Interesting Searches

Students will learn how to conduct packet analysis to identify the types of searches which devices are executing on their network.

Lab/Challenge Network Assessment

Based on what students have learned, thus far, they are challenged to enumerate and pivot through multiple devices and networks in order to capture a flag from the target machine.

The Cybersecurity Nexus (CSX) Advanced Exploitation Course (CAEC) provides students, who possess an in-depth understanding of penetration testing, a deeper understanding of traversing complex networks. Students will work with real systems in real environments and will leverage real exploitation and pivoting tools in a live environment. Upon completion, students will understand the how to successfully exploit and move through a number of hosts on a network.

16

Continuing Professional Education (CPE) Credits

Course Content and Labs

Lesson Pivoting and Tunneling

In this lesson, students will:

  • Learn about data redirection basics
  • Gain an understanding of different pivoting techniques

Lesson SSH Tunneling

In this lesson, students will:

  • Learn about SSH port forwarding
  • Pivot through an SSH tunnel
  • Exploit through an SSH tunnel
  • Pivot through multiple devices using SSH

Lab/Instructional SSH Tunnel Implementation

In this lab, students will:

  • Use Kali Linux to create SSH tunnels in order for a LAN machine to communicate with a DMZ server
  • Enumerate Services via an SSH tunnel
  • Exploit a device via an SSH tunnel

Lab/Instructional Multiple SSH Tunnel Exploitation Implementation

In this lab, students will:

  • Pivot through multiple devices using SSH tunnels
  • Enumerate services through multiple devices
  • Utilize Metasploit to exploit a remote system via multiple tunnels.

Lesson Metasploit PortProxy

In this lesson, students will:

  • Learn about the PortProxy Metasploit module
  • Interact with Meterpreter
  • Pivot through Windows hosts
  • Run exploits through PortProxy

Lab/Instructional Metasploit PortProxy Implementation

In this lab, students will:

  • Use PortProxy to establish multiple pivot points.
  • Redirect port scans to a target machine
  • Establish a backdoor on the target machine via pivot points

Lesson Meterpreter Autoroute Implementation

In this lesson, students will:

  • Learn about Meterpreters AutoRoute function.
  • Pivot using AutoRoute
  • Run exploits through AutoRoute

Lab/Instructional Autoroute Implementation

In this lab, students will:

  • Use metasploit to gain perimeter access.
  • Use AutoRoute to pivot through network.
  • Exploit through AutoRoute.

Lab/Instructional Interesting Searches

Students will learn how to conduct packet analysis to identify the types of searches which devices are executing on their network.

Lab/Challenge Network Assessment

Based on what students have learned, thus far, they are challenged to enumerate and pivot through multiple devices and networks in order to capture a flag from the target machine.

Individual Labs

Stay on top of the latest threats and build your technical skillset with a unlimited access to a robust library of self-guided, on-demand practice labs. Labs are updated regularly to help you build skills that reflect the latest real-world threats and scenarios. Guided work in our live network environment will help you learn by actually doing - and provide you with a safe space to practice critical skills without impacting operations. Our growing library is continually updated to keep you relevant, and new volumes of labs are added quarterly. There are currently 39 labs available as part of your subscription, and we will be adding more throughout your subscription period. Earn up to 78 continuing professional education (CPE) credits with currently available labs, and much more by year-end!