Class Details

So, why do we want a penetration testing range? The number one reason is to provide us with a “playground” where we can practice and perfect our skills without requiring authorization and without breaking the law in the process of learning how to hack.

In this class, you will learn how to build complex virtual architectures that will allow you to perform virtually any required testing methodology and perfect it.

Course Outline

Module One: Introduction

  • Need for a Cyber Range
  • Game versus realistic experience
  • Selecting a platform 

Lab 1-1: Sample Cyber Ranges

  • In this lab, the students will review the different cyber ranges that are accessible to the public. The range solutions that are available in the cloud environment will be explored. A comparison matrix will be created to evaluate the different “external” range options that are out there.

Module Two: Building a Cyber Range

  • Anatomy of a breach
  • Finding vulnerabilities to test
  • Vulnerability Sites

Lab 2-1: Vulnerability Sites

  • In this lab the students will review several of the top sites for vulnerabilities and learn how to review and interpret the vulnerability with respect to risk. Once they have done this, they will select vulnerabilities and create a requirements list of how to create and use a lab environment to test the vulnerabilities they have selected.
  • Why create your own lab?
  • Power of virtualization
  • Commercial and open source virtualization software
  • Creating virtual machines

Lab 2-2: Creating Virtual Machines

  • In this lab, the students will use templates from pre-built machines to create and customize their own machine. They will create a machine from an ISO image, and they will use the powerful feature of cloning virtual machines to expand their network.
  • Converting physical to virtual.
  • Different network configurations
  • Bridged, NAT, Host Only and Custom
  • VMware Tools features

Lab 2-3: Installing and Configuring VMware Tools

  • In this lab, the student will install VMware Tools with a wizard in Windows and manually within Linux using scripting. Once the tools are installed, the student will configure them to allow for drag and drop as well as copying and pasting of commands between machines.

Module Three: Creating an External Architecture

  • Creating the Devices
  • Routers
  • Firewalls
  • Different Firewall Architectures
  • Building the network switches
  • DMZ machines and traffic routing
  • Traffic filtering
  • Web Application Firewalls
  • Configuring the rules for the DMZ traffic 

Lab 3-1: External Architecture I

  • In this lab, the student will create the switching to support the networking of an external architecture. They will build a router machine to serve as the first layer of defense in an enterprise network architecture. Once the first layer is developed, the students will create the second layer of defense and design, build and configure the firewall for their architecture.

Module Four: Cyber Range Applied Practice

  • Ultimate testing and developing methods
  • Identify the software
  • Form a network address plan
  • Design the network layers 

Lab 4-1: Design the Layers

  • In this lab, the students will examine a variety of different enterprise architecture designs and plan their design for the course. The concepts of bridging, tunneling and routing will be explored. Methods to emulate different networks for banks, government and other entities will be compared and evaluated.
  • Creating multiple layers to define an enterprise network
  • Controlling the routes through a multi-layered architecture
  • Developing the ingress and egress traffic rules

Lab 4-2: Multiple-Layers

  • In this lab, the students will add more layers to their network design, configure the routing and filtering rules to emulate a 3 layered network defense architecture and learn how to troubleshoot network traffic flow and routing problems when developing complex virtual architectures.
  • Resources to get machines
  • Creating and designing your own machines
  • Cloning the design
  • Using teams of machines using folders

Lab 4-3: Adding Machines

  • In this lab, the students will use external resources to add machines to their networks, and the customization of machines will be explored. They will develop teams of machines using folders so that the network can be started or shut down all at once.
  • Building machines from ISO images
  • Deploying OVA and OVF templates to create machines

Lab 4-4: Customizing Machines

  • In this lab, the students will customize their machines and learn configuration and design settings that can improve the performance of the virtual machine. The methods of improving performance for the virtual machine as well as the host will be explored.

Module Five: Building a Complete Range

  • Virtual design components
  • Advantages and disadvantages of the different network switches
  • Customizing the switches for different results
    • Using segments

Lab 5-1: Designing a virtual environment

  • In this lab, the student will design a complete 3 segment architecture with different network switch connections. The lab will include changes made to the switch configuration and how to test for and select the best settings.
  • Methods to test the network range
  • Replaying packet capture files
  • Creating your own network capture files for historical and training purposes
  • Using the tcpreplay command line tool 

Lab 5-2: Replaying traffic from the command line

  • In this lab, the students will first create network capture files, then use tcpreplay to replay the capture out onto the network. The lab will involve the replay of existing capture files and discuss methods of analyzing the data within the packet capture file. The different options and methods of customization for the capture files will be explored and a comparison matrix created.
  • Replaying packets using GUI based tools

Lab 5-3: Replaying Traffic Using GUI Based Tool

  • In this lab, the students will use the free tool Colasoft Packet Player to replay network packet capture files across different interfaces. The options to increase and slow down the speeds will be examined. Additionally, the capability to loop and replay entire folders of capture files will be examined.
  • Protocol Analysis tool Wireshark

Lab 5-4: Foundations of Protocol Analysis

  • In this lab, the student will examine IP, ICMP, UDP and TCP network protocol communication at the packet level to learn how the network packets look when transmitted. The first steps of decoding network traffic packet captures will be explored. This lab is a first-level step into the world of intrusion and malware analysis at the packet level.

Module Six: Advanced Range

  • Creating an advanced range design
  • Building the switching
  • Planning for the addressing
  • Architecting the routing and packet paths 
  • Methods to test our design
  • Applying the range to Red, Blue, Black and White

Lab 6-1: Creating an Advanced Range

  • In this lab, the students will design an advanced range that incorporates 5 switches. The network will consist of multiple firewalls and a web application firewall. Once the range is designed, the students will create the routing tables that will be required to route the network traffic throughout their range. The range will be explored from the perspective of a Red Team, a Blue Team, a Blackhat hacker and a Whitehat hacker. The range that will be designed by the student can emulate an entire Security Operations Center as well as many other enterprise networks.