Important Course Information
CYBRScore Labs Description
Practice your skills in a virtual network environment. Learn by doing wherever you are on your own time at your own pace. CYBRScore Labs are pre-configured hardware layouts with accompanying lab guides for fast, convenient access that make studying for an exam or learning new technologies an engaging experience. CYBRScore Labs are available for use for 6 months after the date of purchase. CYBRScore Labs are hosted online and available 24x7x365.
Penetration Testing & Network Exploitation Lab Content
Linux Target Analysis Labs
Introduces students to host target analysis on Linux systems. Topics include Linux command line, bash scripting and simple programming to enumerate, attack and exploit Linux hosts.
- Using Linux: Students will learn a variety of Linux command line commands to navigate the system, identify users, identify network configuration, search, modify & manipulate files as well as bash scripting.
- More Linux: Students will learn about the Apache web server, creating a file on the server and establishing a secure connection between 2 hosts.
- IP Tables: Linux Firewall: Students will learn how to manipulate firewall rules from the command line to allow traffic to pass out of the network.
- Custom Password Creation with Crunch: Students will learn how to generate password lists for use in password cracking tools.
Windows Target Analysis Labs
Introduces students to host target analysis on Windows systems. Topics include basic through intermediate Windows Command Line skills, PowerShell cmdlets and the PowerShell attack framework called PowerPreter.
- Using DOS: Students will learn a variety of DOS command line commands to navigate the system, identify users, identify network configuration, search, modify & manipulate files as well as scripting in DOS.
- Using PowerShell: Students will receive an overview of PowerShell commands.
- Leveraging PowerShell: Students will learn how to use Windows Management Instrumentation to manage both host and remote systems as well as using PowerPreter to steal password hashes and perform port scans.
LAN Exploitation Labs
Introduces student to basic scanning and exploitation of systems on internal networks that replicate a real-world penetration test. Students learn how to map, discover and exploit web applications, which requires the tester to understand how they communicate and the role the server plays in the relationship. Students learn how to conduct reconnaissance against a web server, followed by mapping its architecture and challenged with discovering vulnerabilities and misconfigurations for follow-on exploitation.
- Scanning LAN Segment: Students use Nmap and Metasploit to identify all of the hosts on the network.
- Verifying Scan Data through Banner Grabbing: Students use netcat to validate the host OS and find open ports on a target host.
- Target Host Enumeration: Students use Metasploit to identify open ports on a target host.
- Exploiting Linux Hosts: Students use Metasploit to execute exploit code on a remote Linux host.
- Web Application Mapping, Discovery and Exploitation with BurpSuite & Nikto: Students use BurpSuite and Nikto to intercept web traffic, scan webservers behind firewalls and inject a PHP attack.
- Windows Restricted Desktop Escape & Exploitation: Students will break into a Windows 7 desktop computer using standard windows tools.
WAN/DMZ Exploitation & Pivoting Labs
Students learn how to simulate an insider threat and escape restricted environments by abusing native services and functionality. Students then move to routed attacks against clients that have NAT devices, firewalls and DMZs deployed. They learn how to exploit a variety of web-facing services and gain access to the DMZ. Once in the DMZ they are asked to pillage the hosts and find additional information to assist in pivoting deeper into the network and into network segments that don’t touch the web directly.
- Scan Web Facing Target IP: Students will use the Metasploit console to scan for live hosts using nmap to identify firewalls, webservers and vulnerabilities.
- Web Application Scanning: Students will use nitko to scan and enumerate webserver applications.
- Web Application Spidering with BurpSuite: Students will use Burpsuite as an intercept proxy to penetrate web applications.
- SSH Exploitation: Students will learn how to establish a route from outside on the Internet with an attack host to a live internal victim computer and establish a compromised DMZ host to an internal LAN segment.
- Scan & Exploit Internal Segment: Students will learn how to extend their access from the internal LAN segment to the rest of the network and perform scans of the larger network.
- Covering Tracks: Students learn how to modify audit logs to cover their tracks.
- Final Challenges: Students are asked to demonstrate their skills by performing the techniques they learned on a new scenario.
What does it mean that this offering aligns to a course?
What is a CYBRScore Lab Bundle?
- CYBRScore Labs are pre-configured hardware layouts with accompanying lab guides for fast, convenient access that make studying for an exam or learning new technologies an engaging experience.
How long will each lab take to complete?
- Each lab consists of multiple tasks that take anywhere from 30 minutes to 2 hours to complete.
Are there any system requirements?
- All you need is an HTML5 compatible browser, such as Google Chrome, Mozilla Firefox, or Microsoft Edge.
How long do I have access to the labs for?
- CYBRScore Labs are available for use for 6 months after the date of purchase. CYBRScore Labs are hosted online and available 24x7x365.
How do I access my purchased labs?
- Once your purchase is complete, Learning Tree will contact you with the URL and login credentials you will use to access your lab bundle.