Category/Course/Module Catalog
September 2020
Table of Contents
Category/Course/Module Mapping
Tutorial
Platform Tutorial
Web Application Security Essentials
Injection: OS Command Injection
Injection: SQL Injection
Sensitive Data Exposure
Injection: NoSQL Injection
Security Misconfiguration: Cookie Security
Cross-Site Scripting XSS
Insecure Deserialization
Broken Access Control: Insecure Direct Object Reference
Broken Access Control: Path Traversal
Broken Access Control: Unrestricted File Upload
XML External Entities (XXE)
Broken Authentication: JSON Web Token Security
Injection: ReDoS
DevOps
Linux OS Management
Web Hosting
Docker
Data Backup
Kubernetes
SOC
Credential Access
Yara
Suricata
Regular Expressions
Privilege Escalation: SUID Bit
Discovery: Nmap
Initial Access: Port Knocking
Discovery: Miscellaneous
Privilege Escalation: Miscellaneous
SOC: Miscellaneous
Lateral Movement
Reverse Engineering
Microsoft
Microsoft OS Management
Microsoft Security Operations
Commercial Security Solutions
SOC Solutions
Miscellaneous
Challenges
Learning Path Assessments
BETA Modules
Security Awareness
Account Security
Data Security
Email Security
Internet Security
Physical Security
Social Engineering
Malware
Course Descriptions
Platform Tutorial
Injection: OS Command Injection
Injection: SQL Injection
Sensitive Data Exposure
Injection: NoSQL Injection
Security Misconfiguration: Cookie Security
Cross-Site Scripting XSS
Insecure Deserialization
Broken Access Control: Insecure Direct Object Reference
Broken Access Control: Path Traversal
Broken Access Control: Unrestricted File Upload
XML External Entities (XXE)
Broken Authentication: JSON Web Token Security
Injection: ReDoS
Linux OS Management
Web Hosting
Docker
Data Backup
Kubernetes
Credential Access
Yara
Suricata
Regular Expressions
Privilege Escalation: SUID Bit
Discovery: Nmap
Initial Access: Port Knocking
Discovery: Miscellaneous
Privilege Escalation: Miscellaneous
SOC: Miscellaneous
Lateral Movement
Reverse Engineering
Microsoft Logging
Microsoft Security Operations
SOC Solutions
Challenges
Learning Path Assessments
BETA Modules
Account Security (Security Awareness)
Data Security (Security Awareness)
Data Security (Security Awareness)
Internet Security (Security Awareness)
Physical Security (Security Awareness)
Social Engineering (Security Awareness)
Malware (Security Awareness)
Category/Course/Module Mapping
Training content in the RangeForce platform is organized into categories, courses, and modules. Categories are created to encompass specific technologies, learning paths, or cybersecurity roles. Categories contain courses that group training modules based on a common topic. For example, in the DevOps category, the Web Hosting course contains modules on Apache and Nginx HTTPS security. Below you will find all the available categories, with the courses and associated modules.
Tutorial
Platform Tutorial
● Module Tutorial
Web Application Security Essentials
Injection: OS Command Injection
● Command Injection: Find & Exploit (PHP) ● Command Injection: Fix (PHP) ● Blind Command Injection: Find & Exploit (NodeJS) ● Blind Command Injection: Fix (NodeJS)
Injection: SQL Injection
● SQL Injection: Prelude ● SQL Injection: Authentication ● SQL Injection: Union Select ● Blind SQL Injection: Find & Exploit
Sensitive Data Exposure
● API Security: Exposed Tokens ● Exposed Git Repository ● Path Traversal: Find & Exploit (PHP) ● Path Traversal: Fix (PHP) ● Path Traversal: Find & Exploit (NodeJS) ● Path Traversal: Fix (NodeJS)
Injection: NoSQL Injection
● Blind NoSQL Injection: Find & Exploit (Meteor) ● NoSQL Injection 1: Find ● NoSQL Injection 1: Exploit ● NoSQL Injection 1: Fix ● NoSQL Injection 2: Exploit ● NoSQL Injection 2: Fix
Security Misconfiguration: Cookie Security
● Cookie Security: HttpOnly: Find & Exploit (PHP) ● Cookie Security: HttpOnly: Fix (PHP) ● Cookie Security: HttpOnly: Find & Exploit (NodeJS) ● Cookie Security: HttpOnly: Fix (NodeJS) ● Cookie Security: Secure: Find & Exploit (PHP) ● Cookie Security: Secure: Fix (PHP) ● Cookie Security: Secure: Find & Exploit (NodeJS) ● Cookie Security: Secure: Fix (NodeJS)
Cross-Site Scripting XSS
● DOM-based XSS: Find & Exploit (JavaScript) ● DOM-based XSS: Fix (JavaScript) ● XSS Filter Evasion: Find & Exploit (PHP) ● XSS Filter Evasion: Fix (PHP) ● XSS: Reflected ● XSS: Stored ● XSS: Stored-based Phishing
Insecure Deserialization
● Insecure Deserialization (Java) ● WASE Learning – PHP Serialization
Broken Access Control: Insecure Direct Object Reference
● Insecure Direct Object References: Find & Exploit (PHP) ● Insecure Direct Object References: Fix (PHP) ● Insecure Direct Object References: Find & Exploit (NodeJS) ● Insecure Direct Object References: Fix (NodeJS) ● Insecure Direct Object References 2: Exploit (PHP) ● Insecure Direct Object References 2: Fix
Broken Access Control: Path Traversal
● Path Traversal: Find & Exploit (PHP) ● Path Traversal: Fix (PHP) ● Path Traversal: Find & Exploit (NodeJS) ● Path Traversal: Fix (NodeJS)
Broken Access Control: Unrestricted File Upload
● Unrestricted File Upload: Find & Exploit (PHP) ● Unrestricted File Upload: Fix (PHP) ● Unrestricted File Upload: Find & Exploit (NodeJS) ● Unrestricted File Upload: Fix (NodeJS)
XML External Entities (XXE)
● XML External Entities (Java) ● XXE RCE Using PHP Expect
Broken Authentication: JSON Web Token Security
● JSON Web Token Security ● JWT 1 (Challenge) ● JWT 2 (Challenge) ● JWT 3 (Challenge)
Injection: ReDoS
● ReDos
DevOps
Linux OS Management
● User Management ● File Management ● Software Management ● DevOps – System Info Gathering ● DevOps – Basic Bash Scripting ● Linux CLI Fundamentals (Challenge)
Web Hosting
● Web Hosting Basics (Apache) ● HTTPS Security: Introduction ● HTTPS Security: Apache ● HTTPS Security: Nginx
Docker
● Docker Introduction ● Docker Dockerfile ● Docker Networking ● Docker RunC Container Escape CVE-2019-5736 ● Docker RunC Container Escape ● Privilege Escalation: Docker Group ● Docker: Run Container as Unprivileged User
Data Backup
● DevOps – Backup & Recovery: Rsync ● DevOps – Backup & Recovery: BorgBackup
Kubernetes
● Kubernetes Overview
● Kubernetes Introduction
SOC
Credential Access
● Brute-force Defense ● Password Cracking ● Password Cracking 2 ● Exposed and Reused Credentials – Basic ● Exposed and Reused Credentials – Advanced: Phishing ● Exposed and Reused Credentials – Advanced: SSH Pass ● Security Tools – Password Spraying ● SOC Challenge - Exposed and Reused Credentials (Challenge)
Yara
● Yara Overview ● Yara Introduction ● Yara Rule Management ● Yara Rule Generation ● Yara Rule Writing
Suricata
● IDS/IPS: Suricata Basics ● IDS/IPS: Suricata IDS Rules ● IDS/IPS: Suricata IPS Rules ● IDS/IPS: Suricata Rule Management ● Bulkhead (Challenge)
Regular Expressions
● Regular Expressions: Basic ● Regular Expressions: Intermediate ● Regular Expressions: Advanced
Privilege Escalation: SUID Bit
● Privilege Escalation: SUID Bit 1 ● Privilege Escalation: SUID Bit 2 ● Privilege Escalation: SUID Bit 3 ● Privilege Escalation: SUID Bit (Challenge)
Discovery: Nmap
● Nmap: Basics ● Nmap: SMB Enumeration ● Nmap: SNMP Enumeration ● Nmap: SSH Enumeration ● Security Tools – Nmap: NFS Enumeration ● SOC Challenge – Mountaineer (Challenge) ● Grasshopper (Challenge)
Initial Access: Port Knocking
● Port Knocking ● Port Knock Sniffing ● Port Knox (Challenge)
Discovery: Miscellaneous
● GoBuster ● Nikto ● NoSQLMap ● PCAP Forensics: Wireshark ● SSH – Audit ● Sudo Killer ● TruffleHog ● Security Tools - TCPDump ● TShark Basics
Privilege Escalation: Miscellaneous
● Docker RunC Container Escape CVE-2019-5736 ● Privilege Escalation: Docker Group ● Privilege Escalation: Kernel Exploit (Dirty Cow) CVE-2016-5195
● Privilege Escalation: Linux Capabilities ● Privilege Escalation: LXD Group ● Privilege Escalation: Misconfigured PATH ● Privilege Escalation: Wildcard Injection ● SOC – Privilege Escalation: Misconfigured Cron Script Permissions ● Docker Privileged Container Escape ● Shellshock
SOC: Miscellaneous
● Security Introduction ● Malware Analysis ● Visual Spoofing ● OpenSMTPD Remote Code Execution CVE-2020-7247 ● Metasploit Basics ● OpenVPN AS ● KeePassXC ● Keygen ● PCAP Forensics TShark ● Privilege Escalation: Overprivileged Process ● Auto-Compression ● GnuTLS CVE-2020-13777 ● Kernel Exploit (Chocobo Root) CVE-2016-8655 ● Linux Syslog ● Introduction to the SOC
Lateral Movement
● ProxyChains ● Grasshopper (Challenge) ● Port Knox (Challenge)
Reverse Engineering
● SOC – Reverse Engineering 1 ● SOC – Reverse Engineering 2 ● SOC – Reverse Engineering 3 ● SOC Challenge – Keygen (Challenge)
Microsoft
Microsoft OS Management
● MS DevOps – PowerShell Introduction ● MS DevOps – PowerShell Basics – Part 1 ● MS SOC – Windows Event Logs ● MS SOC – PowerShell Logging
Microsoft Security Operations
● NTLM Authentication ● Pass the Hash ● Fiddler ● Active Directory Rights Management ● PowerShell Introduction ● PowerShell Basics – Part 1 ● Sysinternals Sysmon ● Active Directory GPO ● Sysinternals Procmon ● Voidtools Everything
Commercial Security Solutions
SOC Solutions
● Security Tools - Recorded Future: Browser Extension ● Security Tools - Malware Analysis: VirusTotal ● Security Tools - Splunk Basics ● Security Tools - Splunk: Fields and Transforms ● Security Tools - Splunk: Alerts
Miscellaneous
Challenges
● Backdoor 1 ● Backdoor 2 ● Backdoor 3 ● Beta
● Botnet Takedown ● Bulkhead ● Daikon ● Fl4gPrint3r ● Joker ● LabTube ● System Compromised ● Uncontained ● Visual Spoofing ● Webmin ● Alpha LVL1 ● Alpha LVL2 ● Alpha LVL3 ● Delta LVL1 ● Delta LVL2 ● Delta LVL3 ● Delta LVL4 ● Gamma LVL1 ● Gamma LVL2 ● Gamma LVL3 ● Kappa ● Phone ● Spider ● Linux Networking Fundamentals ● Security and Protection Fundamentals ● Socat ● Privilege Escalation: Miscombobulations ● PHP Serialization
Learning Path Assessments
● SOC Level 1 Assessment ● SOC Level 2 Assessment ● Threat Hunter Assessment ● OWASP Assessment
BETA Modules
● PowerShell Code Signing ● Sysmon: Process Injection ● Ansible Introduction
● Wireshark Basics ● Kubernetes Deployment and Scaling ● AWS Instance Metadata SSRF ● Apache Struts CVE-2017-5638 ● Blind XML External Entities ● Remote Code Execution Introduction ● PKI Web Cert Template ● Insecure PRNG ● npm audit ● Splunk: Alerts ● Docker Persistent Data: Named Volumes ● Introduction to Injection Attacks ● Firewall Policies: IPTables ● Netcat Introduction ● Password Security In-Depth ● Carbon Black Endpoint Security - Analyst 1 ● PKI Web Server Cert Enrollment ● Snyk ● LOKI IOC Scanner ● Splunk Webapp IR: Brute Force Detection ● Kubernetes: NodePort and LoadBalancer Services ● Kubernetes ClusterIP Service ● Carbon Black Endpoint - Analyst 2 ● Understanding the Threat Landscape ● Introduction to SIEM and SOAR ● Kubernetes Generators ● Privilege Escalation Introduction ● PowerShell Basics - Part 2 ● WASE Challenge - OWASP Capstone ● SOC - PostgreSQL Arbitrary Code Execution CVE-2019-9193 ● Kubernetes YAML File ● Docker Persistent Data: Bind Mounts ● Splunk: Visualizations ● Yextend ● Investigations with Wireshark ● Introduction to Password Cracking Countermeasures ● Introduction to Log Management with the Systemd Journal ● Weak and Reused Credentials ● Introduction to Email Based Threats ● Ransomware Overview ● The Building Blocks of Infosec ● Lateral Movement Overview
Security Awareness
Account Security
● Passwords ● Passphrases ● Multi-Factor Authentication
Data Security
● Data Leaks ● GDPR ● Handling Confidential Material
Email Security
● Spear Phishing ● Malicious Attachments ● Spyware in Attachments
Internet Security
● HTTPS
Physical Security
● HTTPS
Social Engineering
● Tailgating ● Unattended Computers
Malware
● Ransomware ● Spyware
Course Descriptions
If you require more information about the courses detailed in the Category/Course/Module Mapping section, you can reference the overview, prerequisites, and learning outcomes here.
Platform Tutorial
Introduction to the RangeForce platform and the Virtual Teaching Assistant.
PREREQUISITES
● None
LEARNING OUTCOMES
● Learner understands how to navigate the Virtual Teaching Assistant.
Injection: OS Command Injection
Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. This course will teach you about command injection and blind command injection.
PREREQUISITES
● Basic knowledge on how to use the Linux CLI. ● Knowledge on how to use a Linux CLI text editor such as nano or vim.
LEARNING OUTCOMES
● Learner understands the concept of command injections. ● Learner understands the concept of blind command injections. ● Learner understands how to find, exploit and fix command injection vulnerabilities.
Injection: SQL Injection
This course will teach you about the SQL injection vulnerability. An SQL injection attack consists of insertion or “injection” of an SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data and even execute administration operations on the database.
PREREQUISITES
● Basic knowledge of the Structured Query Language (SQL).
● Basic knowledge on how to use the Linux CLI.
LEARNING OUTCOMES
● Learner understands the concept of an SQL injection. ● Learner understands how to find, exploit and fix SQL injection vulnerabilities.
Sensitive Data Exposure
Sensitive Data Exposure occurs when an application does not adequately protect sensitive information. This course will teach you about API security and also about the dangers of exposed repositories.
PREREQUISITES
● Basic knowledge on how to use the Linux CLI. ● Knowledge on how to use a Linux CLI text editor such as nano or vim.
LEARNING OUTCOMES
● Learner understands the concept of sensitive data exposure. ● Learner understands how to find, exploit and fix the vulnerabilities and misconfigurations presented in this course.
Injection: NoSQL Injection
This course will teach you about the NoSQL injection vulnerability. NoSQL injection attacks may execute in different areas of an application than traditional SQL injection. The NoSQL injection vulnerability can be used by a malicious actor to access and modify sensitive data, including usernames, email addresses, password hashes and login tokens. Chained with other vulnerabilities it can lead to a full site takeover.
PREREQUISITES
● Basic knowledge of the Structured Query Language (SQL). ● Basic knowledge on how to use the Linux CLI.
LEARNING OUTCOMES
● Learner understands the concept of a NoSQL injection. ● Learner understands how to find, exploit and fix NoSQL injection vulnerabilities.
Security Misconfiguration: Cookie Security
Security Misconfiguration is simply defined as failing to implement all the security controls for a server or web application, or implementing the security controls, but doing so with errors. In this course, you will learn about the dangers of misconfigured cookies.
PREREQUISITES
● Knows how to use Wireshark. ● Basic knowledge on the concept of XSS. ● Basic programming knowledge on Javascript. ● Basic programming knowledge on PHP.
LEARNING OUTCOMES
● Learner understands the concept of cookies and cookie security. ● Learner knows how to find, exploit and fix vulnerabilities related to misconfigured cookies.
Cross-Site Scripting XSS
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. This course will teach you about different forms of XSS.
PREREQUISITES
● Basic knowledge on how to use the Linux CLI. ● Knowledge on how to use a Linux CLI text editor such as nano or vim. ● Basic programming knowledge on Javascript.
LEARNING OUTCOMES
● Learner understands the concept of Cross-Site Scripting (XSS). ● Learner understands how to find, exploit and fix various forms of XSS vulnerabilities.
Insecure Deserialization
Serialization is the process of turning some object into a data format that can be restored later. Deserialization is the reverse of that process, taking data structured from some format, and rebuilding it into an object. Insecure deserialization is a vulnerability in which untrusted or unknown data is used to either inflict a denial of service attack (DoS attack), execute code, bypass authentication or further abuse the logic behind an application. In this course, you will learn about the insecure deserialization vulnerability.
PREREQUISITES
● Basic knowledge on how to use the Linux CLI. ● Knowledge on how to use a Linux CLI text editor such as nano or vim. ● Basic knowledge on scripting.
LEARNING OUTCOMES
● Learner understands the concept of insecure deserialization. ● Learner understands how to find and exploit an insecure deserialization vulnerability.
Broken Access Control: Insecure Direct Object Reference
This course will teach you about Insecure Direct Object References (also known as IDOR). Insecure Direct Object References happen when it’s possible to get direct access to different data objects within a web application which are exposed to users. As a result of this vulnerability it is possible for potential attackers to bypass authorization or access data like files or database records in the system directly.
PREREQUISITES
● Basic programming knowledge on Javascript. ● Basic programming knowledge on PHP.
LEARNING OUTCOMES
● Learner understands the concept of Insecure Direct Object References. ● Learner understands how to find, exploit and fix IDOR vulnerabilities.
Broken Access Control: Path Traversal
This course will teach you about Path Traversal. A path traversal attack (also known as directory traversal) aims to access files and directories that are stored outside the web root folder.
PREREQUISITES
● Basic programming knowledge on Javascript. ● Basic programming knowledge on PHP.
LEARNING OUTCOMES
● Learner understands the concept of Path Traversal. ● Learner understands how to find, exploit and fix a Path Traversal vulnerability.
Broken Access Control: Unrestricted File Upload
Uploaded files represent a significant risk to applications. The first step in many attacks is to get some code to the system to be attacked. Then the attack only needs to find a way to get the code executed. Using a file upload helps the attacker accomplish the first step. In this course, you will learn about the Unrestricted File Upload vulnerability.
PREREQUISITES
● Basic programming knowledge on Javascript. ● Basic programming knowledge on PHP.
LEARNING OUTCOMES
● Learner understands the concept of the Unrestricted File Upload vulnerability. ● Learner understands how to find, exploit and fix an Unrestricted File Upload vulnerability.
XML External Entities (XXE)
An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts. In this course, you will learn about the XXE vulnerability.
PREREQUISITES
● Basic knowledge of Java. ● Basic knowledge on how to use the Linux CLI.
LEARNING OUTCOMES
● Learner understands the concept of XXE. ● Learner understands how to find, exploit and fix XXE vulnerabilities.
Broken Authentication: JSON Web Token Security
JSON Web Tokens (JWT) are commonly used to implement authentication and authorization on websites and APIs. In this course, you will learn how to identify, decode and create tokens, and also how to exploit common vulnerabilities in JSON Web Token implementations.
PREREQUISITES
● Basic knowledge on how to use the Linux CLI.
LEARNING OUTCOMES
● Learner understands the concept of JSON Web Tokens. ● Learner understands how to identify, decode and exploit common vulnerabilities in JSON Web Token implementations.
Injection: ReDoS
In this course, you will learn about Regular expression Denial of Service (ReDoS). ReDoS is a Denial of Service attack that exploits the fact that most Regular Expression implementations may reach extreme situations that cause them to work very slowly (exponentially related to input size). An attacker can then cause a program using a Regular Expression to enter these extreme situations and then hang for a very long time.
PREREQUISITES
● Basic knowledge on how to use the Linux CLI. ● Knowledge on how to use a Linux CLI text editor such as nano or vim. ● Basic programming knowledge on Javascript.
Linux OS Management
This course will teach you the basic skills of Linux administration.
PREREQUISITES
● Basic knowledge on how to use the Linux CLI. ● Knowledge of how to use a Linux CLI text editor such as nano or vim.
LEARNING OUTCOMES
● Learner understands the basics of Linux administration. ● Learner understands how to manage users, files and software using the Linux CLI.
Web Hosting
In this course, you will learn how to set up a web server. In addition to that, you will learn about the importance of using Hypertext Transfer Protocol Secure (HTTPS) and how to configure your web application to use it as well.
PREREQUISITES
● Basic knowledge on how to use the Linux CLI. ● Knowledge on how to use a Linux CLI text editor such as nano or vim. ● Knows how to use Wireshark.
LEARNING OUTCOMES
● Learner understands how to set up a web server. ● Learner understands the importance of using HTTPS over HTTP. ● Learner understands how to configure a web application to use HTTPS.
Docker
This course will teach you the basics of how to use Docker. Docker is a software platform for building applications in small and lightweight execution environments called containers, which are isolated from other processes, operating system resources and kernel. Containers are assigned resources that no other process can access, and they cannot access any resources not explicitly assigned to them.
PREREQUISITES
● Basic knowledge on how to use the Linux CLI. ● Knowledge on how to use a Linux CLI text editor such as nano or vim.
LEARNING OUTCOMES
● Learner understands what Docker is and what it is used for. ● Learner understands how to use Docker.
● Learner understands the concept of containerization.
Data Backup
A data backup is the result of copying or archiving files and folders for the purpose of being able to restore them in case of data loss. In this course, you will learn how to use tools like Rsync and BorgBackup for your backups.
PREREQUISITES
● Basic knowledge on how to use the Linux CLI.
LEARNING OUTCOMES
● Learner understands the concept of data backups. ● Learner understands how to use different tools to back up their data.
Kubernetes
This course will teach you how to use Kubernetes (K8s), an open-source system for automating deployment, scaling, and management of containerized applications.
PREREQUISITES
● Basic knowledge on how to use the Linux CLI. ● Basic knowledge about containers. ● Basic knowledge about orchestration.
LEARNING OUTCOMES
● Learner knows what orchestration is. ● Learner knows about Kubernetes. ● Learner knows about configuring a local Kubernetes Cluster.
Credential Access
This course will teach you the basics of password cracking, the dangers of exposed and reused passwords, and how to use different IPS software to protect a website from brute-force attacks.
PREREQUISITES
● Basic knowledge on how to use the Linux CLI. ● Knowledge on how to use a Linux CLI text editor such as nano or vim.
LEARNING OUTCOMES
● Learner understands how to use IPS software to defend against brute force attacks. ● Learner understands the dangers of exposed and reused passwords.
● Learner understands the basics of password cracking.
Yara
In this course you will learn about YARA. YARA is a tool that identifies malware by creating descriptions that look for certain characteristics. Each description can be either a text or a binary pattern. These descriptions are called “rules”. And by using rules that specify regex patterns, YARA enables the detection of specific patterns in files that might indicate that the file is malicious.
PREREQUISITES
● Basic knowledge on how to use the Linux CLI. ● Knowledge on how to use a Linux CLI text editor such as nano or vim.
LEARNING OUTCOMES
● Learner understands what Yara is and what it is used for. ● Learner understands how to use Yara.
Suricata
This course will teach you about Suricata. Suricata is a real-time threat detection engine that helps protect your network against threats by actively monitoring network traffic and detecting malicious behavior based on written rules. It can operate in a network security monitoring (NSM) mode and can also be configured as an intrusion prevention system (IPS) or intrusion detection system (IDS).
PREREQUISITES
● Basic knowledge on how to use the Linux CLI. ● Knowledge on how to use a Linux CLI text editor such as nano or vim.
LEARNING OUTCOMES
● Learner understands what Suricata is and what it is used for. ● Learner understands how to use Suricata.
Regular Expressions
This course teaches you about Regular expressions. Regular expressions (regex or regexp) is an awesome technique that can be used in a variety of ways. At first it may seem a bit intimidating, especially for those without a formal education in Computer Science, but with a little practice, it can become a really fast and powerful tool.
PREREQUISITES
● Basic awareness of mathematical operators. ● Basic familiarity with programming.
LEARNING OUTCOMES
● Learner understands the concept of regular expressions. ● Learner understands how to use regular expressions of varying difficulty levels.
Privilege Escalation: SUID Bit
This course will teach you about the SUID bit and the risks it holds if not used carefully. The SUID bit is a flag on a file which states that whoever runs the file will have the privileges of the owner of the file. So, if you are student and the file is owned by root, then when you run that executable, the code runs with the permissions of the root user.
PREREQUISITES
● Basic knowledge on how to use the Linux CLI. ● Knowledge on how to use a Linux CLI text editor such as nano or vim.
LEARNING OUTCOMES
● Learner understands what the SUID bit is and what it is used for. ● Learner understands how to find and exploit SUID executables.
Discovery: Nmap
This course will teach you how to use Nmap! Nmap, also known as network mapper, is a free and open-source security tool widely known for its powerful network discovery, enumeration and security auditing abilities. Network administrators utilize Nmap to establish a network map and get more information about what’s going on inside the network: which hosts are online, what ports are open, which services are offered, and more.
PREREQUISITES
● Basic knowledge on how to use the Linux CLI. ● Knowledge on how to use a Linux CLI text editor such as nano or vim.
LEARNING OUTCOMES
● Learner understands what Nmap is and what it is used for. ● Learner understands how to
Initial Access: Port Knocking
This course will teach you about port knocking. Port knocking is a method of externally opening ports. Once a server receives a secret sequence of ‘knocks’ on a closed port or ports, the server will execute a pre-configured set of actions. Actions may vary from opening ports for quick access to a full reboot of the system.
PREREQUISITES
● Knows how to use Wireshark.
LEARNING OUTCOMES
● Learner understands the concept of port knocking. ● Learner understands how to use port knocking.
Discovery: Miscellaneous
This course will teach you how to use various discovery, analysis and enumeration tools to perform web scans, analyse files, search through repositories and exploit various found vulnerabilities.
PREREQUISITES
● Basic knowledge on how to use the Linux CLI. ● Knowledge on how to use a Linux CLI text editor such as nano or vim.
LEARNING OUTCOMES
● Learner understands how to use various security tools to discover, analyse and exploit known vulnerabilities.
● Learner understands how to defend against the vulnerabilities and misconfigurations presented in the content of this course.
Privilege Escalation: Miscellaneous
This course will teach you about a variety of privilege escalation methods. The content ranges from misconfigurations in the Linux system to exploiting CVEs.
PREREQUISITES
● Basic knowledge on how to use the Linux CLI. ● Knowledge on how to use a Linux CLI text editor such as nano or vim.
LEARNING OUTCOMES
● Learner understands the concepts of the various privilege escalation techniques presented in this course.
● Learner understands how to use the various privilege escalation techniques presented in this course. ● Learner understands how to defend against the various privilege escalation techniques presented in this course.
SOC: Miscellaneous
In this course, you will learn about threat analysis techniques and the basic Linux command line tools used for that. In addition, this course will teach you about the concept of visual spoofing.
PREREQUISITES
● Basic knowledge on how to use the Linux CLI. ● Knowledge on how to use a Linux CLI text editor such as nano or vim.
LEARNING OUTCOMES
● Learner understands the concept and different methods of basic threat analysis. ● Learner understands the concept of visual spoofing.
Lateral Movement
Lateral Movement consists of techniques that adversaries use to enter and control remote systems on a network. Following through on their primary objective often requires exploring the network to find their target and subsequently gaining access to it. This course will teach you how to use ProxyChains and will challenge your skills in gaining access to private networks.
PREREQUISITES
● Knows how to use Nmap. ● Knows about port knocking.
LEARNING OUTCOMES
● Learner understands how to use ProxyChains. ● Learner understands the concept of lateral movement
Reverse Engineering
Reverse engineering is a process that hackers use to figure out a program’s components and functionalities in order to find vulnerabilities in the program. In this course, you will learn how to analyze a simple program with basic command-line tools and Ghidra.
PREREQUISITES
● Basic knowledge on the C programming language. ● Basic knowledge on how to use the Linux CLI.
LEARNING OUTCOMES
● Learner understands the concept of reverse engineering. ● Learner understands how to use different tools to find vulnerabilities in a program.
Microsoft Logging
This course will introduce the Microsoft Logging system including how to enable and search advanced logging features.
PREREQUISITES
● Basic Windows PowerShell
LEARNING OUTCOMES
● Learner understands types of Windows event logs. ● Learner understands how to search Windows event logs. ● Learner understands how to enable PowerShell logging.
Microsoft Security Operations
This course will teach you Windows security concepts and give you a chance to explore various attacker methods for exploiting weaknesses.
PREREQUISITES
● Windows event log searching ● Windows user administration
LEARNING OUTCOMES
● Learner understands NTLM authentication ● Learner understands how to detect pass-the-hash lateral movement
SOC Solutions
These modules will introduce you to select tools and solutions commonly used in the SOC. You will learn how to use these solutions and understand how to apply them to your work in defending your organization against attacks.
PREREQUISITES
● Understanding of security concepts
LEARNING OUTCOMES
● Learn what different security solutions are used for ● Learn how to use various security solutions in your everyday workflow
Challenges
This course contains a wide selection of challenges that require knowledge in many different areas of expertise to complete them. These challenges are designed to test and validate your knowledge of the given subject.
It is recommended to complete modules as presented within relevant learning courses or learning paths rather than access them through this course. No learning materials and minimal hints/solutions are available in these challenges as you are expected to have already learned the applicable concepts.
PREREQUISITES
● Knowledge from RangeForce modules related to the subject of the challenge or equivalent experience from other systems.
● Basic knowledge on how to use the Linux CLI. ● Knowledge on how to use a Linux CLI text editor such as nano or vim.
LEARNING OUTCOMES
● Learner demonstrates application of techniques and knowledge needed to complete the challenges.
Learning Path Assessments
Skill assessments for RangeForce learning paths.
PREREQUISITES
● None
LEARNING OUTCOMES
● Know where your skills stack up!
BETA Modules
This course contains early access to the latest RangeForce modules. Remember to use the Feedback tab to submit feedback and suggestions.
PREREQUISITES
● Hacker mentality
LEARNING OUTCOMES
● Better RangeForce modules!
Account Security (Security Awareness)
These security awareness videos are designed to help you learn to better secure your accounts.
PREREQUISITES
● None
LEARNING OUTCOMES
● Learn password best practices ● Understand the concepts of multi-factor authentication
Data Security (Security Awareness)
These security awareness videos are designed to help you learn concepts pertaining to data security.
PREREQUISITES
● None
LEARNING OUTCOMES
● Understand what data leaks are ● Learn how to handle sensitive information
Data Security (Security Awareness)
These security awareness videos are designed to help you learn more about email based threats.
PREREQUISITES
● None
LEARNING OUTCOMES
● Understand how threat actors leverage email in their attacks ● Learn core concepts and terminology surrounding email security
Internet Security (Security Awareness)
These security awareness videos are designed to help you learn how to use the internet more safely.
PREREQUISITES
● None
LEARNING OUTCOMES
● Understand the threats that exist on the internet ● Learn how to identify secure sites
Physical Security (Security Awareness)
These security awareness videos are designed to help you learn how to better secure physical locations and your workspace.
PREREQUISITES
● None
LEARNING OUTCOMES
● Understanding of tailgating ● Learn the problems that can occur from leaving a computer unattended
Social Engineering (Security Awareness)
These security awareness videos are designed to help you learn how to spot social engineering attacks.
PREREQUISITES
● None
LEARNING OUTCOMES
● Understanding of how social engineering works ● Demonstrate knowledge regarding the different types of social engineering attacks
Malware (Security Awareness)
These security awareness videos are designed to help you understand what malicious software is and the threat it presents.
PREREQUISITES
● None
LEARNING OUTCOMES
● Understanding of the different types of malware ● Knowledge of the different ways malware infects computers ● Understanding of what the different malware attacks do