Cyber Attack Simulation - Level 1
1. INTRODUCTION
2. COURSE CONTENT
The course is structured in sessions; each one encompasses a short theoretical introduction and a practical exercise.
2.1 SESSION 1:
Introduction to Cyber Defense (fundamental lectures)
Become aware of and understand the differences in approach and mindset between Cyber Security and Classical Information Security.
2.2 SESSION 2:
Practical Introduction to Enterprise Security Administration - introducing and using the cyber security defense tools, the enterprise components that make up the Cybrave student environment, and the students' roles within the team:
The students will learn how to use the facilities and the cyber defense tools (SIEM, firewall, logs, Active Directory, etc.), how to detect attacks and how to prevent future ones, and will practise team skills such as leadership, communication and conflict resolution.
2.3 SESSION 3:
Become familiar with the attack stages and the adversary's arsenal
The students will learn and practise the different cyber attack stages, how to detect attacks using different tools, and the difference between actual attacks and false positive alerts.
2.4 SESSION 4:
Trojan Activities
The students will learn how to detect a Trojan in the network using start-up options, event log handling, traffic sniffing and information flow.
2.5 SESSION 5:
Web Attack
The students will learn about various web attack techniques (SQL Injection, XSS, Parameter Manipulation) and practise a web attack exercise combined with a DNS attack.
2.6 SESSION 6:
Advanced multi-stage attack scenario #1
The students will practise a multi-stage attack which starts on one client and later spreads throughout the network. The students will learn to identify the various ingredients of the attack, recognise the attack pattern, and carry out mitigation activities.
2.7 SESSION 7:
Multiple attack vectors - Advanced scenario #2
The students will practise an advanced APT attack with multi-vector techniques that spread throughout the network. The student will independently contain the incident by exercising all the insights that he/she has gained during the course.
2.8 SESSION 8:
Multiple attack vectors - Advanced scenario #3
The students will practise an advanced APT attack with multi-vector techniques that spread throughout the network. The student will independently contain the incident by exercising all the insights that he/she has gained during the course.
IMPORTANT NOTES:
1. Following each session the instructor will review and debrief each student's actions, activities and successes. Each session will be complemented by an in-depth explanation of the full attack vector used in the scenario, providing the students with insights, explaining the "text book solution" and giving each student their final score.
Key words covered in the course:
Stuxnet & Flame
Web Server
Active Directory
Exchange Server
Firewall
Endpoint Security
SIEM
DUQU Attributes: Malicious HTTP Activity, Registry Entries, Malicious Files, Task Scheduler, Event Log Messages
Port Scan
Brute Force
Backdoor
DNS Hijacking
SQL Injection
Hosts File Manipulation
Change DNS Server
Netcat Reverse Shell
Netcat – Internal Port Scan
Remote Exploit
Metasploit
Webcrawl
Host Scan
Lateral Brute Force
Trojan
Contact C&C server
Local Hash Dump
Crack local admin password
Domain Hash Dump
Botnet Spread
Socially engineered mail
Using local credentials
Create Bot Network