Class Details

In this course you can build and cultivate stronger skills and knowledge for detecting, assessing, and protecting computing environments from vulnerabilities. Read through the course outline to learn about the course content. 

Course Outline

Module One: Fundamentals of Vulnerability Assessment

  • Need for vulnerability assessment
  • Vulnerability assessment terminology
  • Vulnerability reporting
  • Finding information about vulnerabilities 

Lab: Vulnerability Sites

  • In this lab, the student will explore a variety of vulnerability sites to learn how to analyze what a vulnerability means. The sites will include responsible disclosure sites, which give the vendor time to respond to a notification of a vulnerability, as well as full disclosure sites, which release vulnerabilities as soon as they are discovered. The layout and structure of each site will be examined, and a matrix created of the student's top 2-3 sites.
  • Determining a vulnerability severity
  • Severity classification according to scanner
  • Common Vulnerability Scoring System (CVSS) 

Lab: Determining vulnerability severity

  • In this lab, the student will learn about the severity ratings of different vulnerabilities that are applied by the different vendors. Then the process of classifying the severity of a vulnerability using the CVSS will be explored to see how the Environmental and Temporal components can change the severity of a vulnerability
  • Disclosure 
    • Full
    • Responsible
    • Mix
  • Standardize vulnerabilities
    • Common Vulnerabilities and Exposures (CVE)

 

Module Two: Scanners

  • Methods to identify the services on a machine
  • Evaluate attack surface
  • Banner grabbing
  • Detect the target Operating System
  • Enumeration of users and shares
  • Policy assessment and evaluation 

Lab: Methods to extract target data

  • In this lab, the student will perform a variety of different types of vulnerability scans. The process of analyzing the data and determining the best scan type will be practiced. Scanning of services and applications will be conducted and the results analyzed to determine the risk represented by the data discovered.
  • Types of vulnerability scanners
    • Network
    • Host/agent
    • Special
  • Challenges for scanners
    • Default installs
    • Filters
    • Authentication 

Lab: Vulnerability Scanners

  • In this lab, the student will continue to assess the data and determine what the results show with respect to weaknesses and vulnerabilities. The lab will include an investigation into the strengths and weaknesses of vulnerability scanners. The processing of data will include cases where a firewall or other filtering sits between the target and the scanner.
  • Defining penetration testing
  • Testing for exploits
    • Sending attacks
    • Reading configuration data
    • Examining the target for exploit artifacts
  • Anatomy of an exploit
    • Vector
    • Payload 

Lab: Introduction to Exploitation

  • In this lab, the student will explore the different methods of validating a vulnerability, which is the art of exploitation. The data from the vulnerability will be analyzed to look for an exploit that can leverage it. The concept that all systems, networks and software have vulnerabilities will be explored, and the challenge of identifying whether a vulnerability can be leveraged with an exploit to gain access will be attempted as well.
  • Attack classification
    • Worms 
    • Viruses
    • Ransomware
    • Malware
    • Backdoors
    • Rootkits
    • Denial of Service
    • Man in the Middle
  • Exploit research
    • Exploit-db
    • Security Focus
  • Exploit frameworks
    • Metasploit
    • Core Impact

Lab: Exploit Research and Frameworks

  • In this lab, the student will expand on the challenges of exploit research and learn how to utilize the different frameworks that are available to find potential vulnerabilities that can be leveraged using the different frameworks. Additionally, the process of manually finding exploits and building and compiling the exploit that is discovered will be practiced

 

Module Three: Infrastructure Vulnerabilities

  • Components of the infrastructure
  • Device, Firewall and IDS weaknesses
    • IDS
    • Preprocessors 

Lab: Device Vulnerabilities

  • In this lab, the student will be able to explore a variety of devices to assess their vulnerabilities. At the completion of the assessment, the history and types of vulnerabilities that have been discovered on devices, along with the latest device vulnerabilities, will be reviewed.
  • Network management tools
    • Protocol analyzers
    • Wireshark
    • Dissectors
    • Performance monitoring
  • Infrastructure vulnerabilities
    • Design 
    • Configuration 
    • Denial of Service

Lab: Network Management Tool Vulnerabilities

  • In this lab, the student will see how the protocol analyzer Wireshark has had vulnerabilities in the dissector that have resulted in remote code execution exploits. The method of evaluating the different network management tools will be reviewed, including the latest types of vulnerabilities that have been discovered in them.

 

Module Four: Server Vulnerabilities

  • Malicious file injection
    • Remote File Inclusion (RFI) 
    • Local File Inclusion (LFI)
    • Upload and execution 

Lab: Malicious File Execution

  • In this lab, the student will identify the different types of file injection and conduct the powerful attacks of RFI and LFI. The method of uploading web shells and remote access trojan tools will be practiced, the process to detect these types of vulnerabilities will be reviewed, and a matrix comparing the different methods required to detect the different injection attacks will be developed.
  • Web Servers and Web Applications
    • OWASP
    • Top 10
    • Injection Flaws 

Lab: Injection Attacks

  • In this lab, the student will learn how an attacker conducts injection attacks, including attacks using HTML, SQL, XML and SOAP. Once the attack methods have been practiced, the methods that can be used to discover the vulnerabilities will be reviewed, and the characteristics associated with each attack will be recorded for reference.
    • Cross Site Scripting (XSS) 

Lab: Cross Site Scripting Attacks (XSS)

  • In this lab, the student will perform both Stored XSS and Reflected XSS attacks. The methods of the attacks will be reviewed to determine the network artifacts that the attacks leave behind and that can be used for analysis and response. The process and methods to discover these vulnerabilities will be reviewed.
    • Server Side Includes
    • Server Side Request Forgery

Lab: Web Application Advanced Attacks

  • In this lab, the student will get to explore the latest attacks against web applications that have been discovered and carried out in the wild. The process of detecting these advanced attacks will be practiced so that the students can recognize when the data they are analyzing has come from one of these advanced attack methods

Module Five: Client Vulnerabilities

  • Client side software vulnerabilities
  • Office software
  • Browsers
  • Flash
  • Java
  • Adobe 

Lab: Client Vulnerabilities

  • In this lab, the student will learn the threats to the enterprise when users click on phishing emails or any other type of malicious link. The process of detecting the command and control from the malware once it has infected the machine will first be simulated. Then an actual malware infection will be examined in a sandbox environment that allows the student to determine what the infected machine exhibits once the malware has been planted, including the Command and Control setup as well as the artifacts of attempted and successful lateral movement.

Module Six: Assessing Vulnerabilities

  • Identifying the attack surface
  • Analyzing data to determine weaknesses
  • Performing application vulnerability assessments
  • Determining the impact and implications from discovered weaknesses 

Lab: Application Vulnerabilities

  • In this lab, the student will research the historical significance of application vulnerabilities that have been encountered in enterprise software. The process of application testing from both a static and a dynamic point of view will be explored. The student will create a simple application with a flaw in it and work through the process of discovering the weakness that they have coded. At the completion of this, they will be provided code files and will review the code using the techniques they have learned.

Module Seven: Log Analysis

  • Log Analysis of Network Traffic on Windows and Linux
  • Identifying normal vs abnormal log events
  • Determining cause of abnormal log events
    • Error
    • Malicious
  • Recognizing common patterns of network attacks in log files
  • Log analysis using Windows Event Viewer logs
  • Log analysis using the /var/log/messages and other log files in Linux 

Lab: Analyzing Log Files

  • In this lab, the student will learn the process of analyzing log files for suspicious activity. This lab is a culmination that will flex their knowledge and skills of vulnerabilities and of the characteristics and artifacts left when these vulnerabilities are attacked, but now they will have to analyze the activity using only the log files, which is what most enterprise environments use when first discovering some form of an infection or an attack against them.

Module Eight: Building a Vulnerability Management Program

  • The NIST Model for Vulnerability Management
  • Assets Identification
  • Network segmentation and isolation
  • Designing zones by risk rating
  • Creating robust ingress and egress filtering
  • Tracking site vulnerabilities
  • Analyzing the vulnerability severity
  • Developing a patch management strategy 

Lab: Workshop on Establishing a Vulnerability Strategy

  • In this workshop, the students will participate as a team that represents an enterprise-level organization. During the workshop, the process and methodology for developing a strategy to manage vulnerabilities will be explored. At the completion of this, the team will be tasked with creating their strategy. Once the strategy is in place, a series of events related to discovered vulnerabilities and attacks being released will be presented to the team so they can test the strategy they have created. The attacks will continue, progress and escalate to flex the team strategy and see if it scales well. At the end of the workshop there will be a debrief and lessons learned session.