Chapter 1 Cybersecurity and the Security Operations Center (page 1, 16 pages)
  1.0.1.2 Class Activity-Top Hacker Shows Us How It is Done (page 1, 2 pages)
  1.1.1.4 Lab-Installing the CyberOps Workstation Virtual Machine (page 3, 4 pages)
    Part 1: Prepare a Host Computer for Virtualization (page 3, 1 page)
    Part 2: Import the Virtual Machine into the VirtualBox Inventory (page 4, 2 pages)
  1.1.1.5 Lab-Cybersecurity Case Studies (page 7, 2 pages)
  1.1.2.6 Lab-Learning the Details of Attacks (page 9, 2 pages)
    Conduct a Search of IoT Application Vulnerabilities (page 9, 2 pages)
  1.1.3.4 Lab-Visualizing the Black Hats (page 11, 3 pages)
  1.2.2.5 Lab-Becoming a Defender (page 14, 3 pages)

Chapter 2 Windows Operating System (page 17, 54 pages)
  2.0.1.2 Class Activity-Identify Running Processes (page 17, 3 pages)
  2.1.2.10 Lab-Exploring Processes, Threads, Handles, and Windows Registry (page 20, 8 pages)
    Part 1: Exploring Processes (page 20, 3 pages)
    Part 2: Exploring Threads and Handles (page 23, 2 pages)
    Part 3: Exploring Windows Registry (page 25, 3 pages)
  2.2.1.10 Lab-Create User Accounts (page 28, 9 pages)
    Part 1: Creating a New Local User Account (page 28, 5 pages)
    Part 2: Reviewing User Account Properties (page 33, 1 page)
    Part 3: Modifying Local User Accounts (page 34, 2 pages)
  2.2.1.11 Lab-Using Windows PowerShell (page 37, 6 pages)
  2.2.1.12 Lab-Windows Task Manager (page 43, 9 pages)
    Part 1: Working in the Processes Tab (page 43, 4 pages)
    Part 2: Working in the Services Tab (page 47, 1 page)
    Part 3: Working in the Performance Tab (page 48, 3 pages)
  2.2.1.13 Lab-Monitor and Manage System Resources in Windows (page 52, 19 pages)
    Part 1: Starting and Stopping the Routing and Remote Access Service (page 52, 7 pages)
    Part 2: Working in the Computer Management Utility (page 59, 2 pages)
    Part 3: Configuring Administrative Tools (page 61, 10 pages)

Chapter 3 Linux Operating System (page 71, 54 pages)
  3.1.2.6 Lab-Working with Text Files in the CLI (page 71, 11 pages)
    Part 1: Graphical Text Editors (page 71, 1 page)
    Part 2: Command Line Text Editors (page 72, 2 pages)
    Part 3: Working with Configuration Files (page 74, 7 pages)
  3.1.2.7 Lab-Getting Familiar with the Linux Shell (page 82, 8 pages)
    Part 2: Copying, Deleting, and Moving Files (page 87, 2 pages)
  3.1.3.4 Lab-Linux Servers (page 90, 7 pages)
    Part 2: Using Telnet to Test TCP Services (page 94, 2 pages)
  3.2.1.4 Lab-Locating Log Files (page 97, 17 pages)
    Part 1: Log File Overview (page 97, 2 pages)
    Part 2: Locating Log Files in Unknown Systems (page 99, 5 pages)
    Part 3: Monitoring Log Files in Real Time (page 104, 9 pages)
  3.2.2.4 Lab-Navigating the Linux Filesystem and Permission Settings (page 114, 11 pages)
    Part 1: Exploring File systems in Linux (page 114, 3 pages)
    Part 3: Symbolic Links and other Special File Types (page 120, 3 pages)

Chapter 4 Network Protocols and Services (page 125, 58 pages)
  4.1.1.7 Lab-Tracing a Route (page 125, 4 pages)
    Part 1: Verifying Network Connectivity Using Ping (page 126, 1 page)
    Part 2: Tracing a Route to a Remote Server Using Traceroute (page 126, 1 page)
    Part 3: Trace a Route to a Remote Server Using Web-Based Traceroute Tool (page 127, 1 page)
  4.1.2.10 Lab-Introduction to Wireshark (page 129, 7 pages)
    Part 1: Install and Verify the Mininet Topology (page 130, 1 page)
    Part 2: Capture and Analyze ICMP Data in Wireshark (page 131, 5 pages)
  4.4.2.8 Lab-Using Wireshark to Examine Ethernet Frames (page 136, 7 pages)
    Part 1: Examine the Header Fields in an Ethernet II Frame (page 137, 2 pages)
    Part 2: Use Wireshark to Capture and Analyze Ethernet Frames (page 139, 3 pages)
  4.5.2.4 Lab-Using Wireshark to Observe the TCP 3-Way Handshake (page 143, 6 pages)
    Part 1: Prepare the Hosts to Capture the Traffic (page 144, 1 page)
    Part 2: Analyze the Packets Using Wireshark (page 144, 3 pages)
    Part 3: View the Packets Using tcpdump (page 147, 1 page)
  4.5.2.10 Lab-Exploring Nmap (page 149, 7 pages)
    Part 2: Scanning for Open Ports (page 152, 3 pages)
  4.6.2.7 Lab-Using Wireshark to Examine a UDP DNS Capture (page 156, 7 pages)
    Part 1: Record VM's IP Configuration Information (page 156, 1 page)
    Part 2: Use Wireshark to Capture DNS Queries and Responses (page 157, 1 page)
    Part 3: Analyze Captured DNS or UDP Packets (page 158, 4 pages)
  4.6.4.3 Lab-Using Wireshark to Examine TCP and UDP Captures (page 163, 12 pages)
    Mininet Topology-Part 2 (TFTP) (page 163, 1 page)
    Part 1: Identify TCP Header Fields and Operation Using a Wireshark FTP Session Capture (page 164, 7 pages)
    Part 2: Identify UDP Header Fields and Operation Using a Wireshark TFTP Session Capture (page 171, 3 pages)
  4.6.6.5 Lab-Using Wireshark to Examine HTTP and HTTPS (page 175, 8 pages)
    Part 1: Capture and View HTTP Traffic (page 175, 3 pages)
    Part 2: Capture and View HTTPS Traffic (page 178, 3 pages)

Chapter 5 Network Infrastructure (page 183, 8 pages)
  5.2.2.4 Packet Tracer-Access Control List Demonstration (page 183, 3 pages)
    Part 1: Verify Local Connectivity and Test Access Control List (page 183, 1 page)
    Part 2: Remove ACL and Repeat Test (page 184, 1 page)
  5.3.1.10 Packet Tracer-Identify Packet Flow (page 186, 5 pages)
    Part 1: Verifying Connectivity (page 187, 1 page)
    Part 2: Remote LAN Network Topology (page 187, 1 page)
    Part 3: WAN Network Topology (page 188, 3 pages)

Chapter 6 Principles of Network Security (page 191, 4 pages)
  6.2.1.11 Lab-Anatomy of Malware (page 191, 1 page)
    Conduct a Search of Recent Malware (page 191, 1 page)
  6.2.2.9 Lab-Social Engineering (page 192, 3 pages)

Chapter 7 Network Attacks: A Deeper Look (page 195, 38 pages)
  7.0.1.2 Class Activity-What's Going On? (page 195, 3 pages)
  7.1.2.7 Packet Tracer-Logging Network Activity (page 198, 3 pages)
    Part 1: Create FTP Traffic (page 198, 1 page)
    Part 2: Investigate the FTP Traffic (page 199, 1 page)
    Part 3: View syslog Messages (page 199, 1 page)
  7.3.1.6 Lab-Exploring DNS Traffic (page 201, 11 pages)
    Part 1: Capture DNS Traffic (page 201, 3 pages)
    Part 2: Explore DNS Query Traffic (page 204, 5 pages)
    Part 3: Explore DNS Response Traffic (page 209, 2 pages)
  7.3.2.4 Lab-Attacking a mySQL Database (page 212, 14 pages)
    Part 1: Open the PCAP File and Follow the SQL Database Attacker (page 212, 13 pages)
  7.3.2.5 Lab-Reading Server Logs (page 226, 9 pages)
    Part 1: Reading Log Files with Cat, More, Less, and Tail (page 226, 4 pages)
    Part 2: Log Files and Syslog (page 230, 1 page)
    Part 3: Log Files and Journalctl (page 231, 1 page)

Chapter 8 Protecting the Network (page 233, 2 pages)
  There are no labs in this chapter.

Chapter 9 Cryptography and the Public Key Infrastructure (page 235, 28 pages)
  9.0.1.2 Class Activity-Creating Codes (page 235, 3 pages)
  9.1.1.6 Lab-Encrypting and Decrypting Data Using OpenSSL (page 238, 3 pages)
    Part 1: Encrypting Messages with OpenSSL (page 238, 2 pages)
    Part 2: Decrypting Messages with OpenSSL (page 240, 1 page)
  9.1.1.7 Lab-Encrypting and Decrypting Data Using a Hacker Tool (page 241, 6 pages)
    Part 1: Create and Encrypt Files (page 242, 1 page)
    Part 2: Recover Encrypted Zip File Passwords (page 243, 4 pages)
  9.1.1.8 Lab-Examining Telnet and SSH in Wireshark (page 247, 4 pages)
    Part 1: Examining a Telnet Session with Wireshark (page 247, 2 pages)
    Part 2: Examine an SSH Session with Wireshark (page 249, 1 page)
  9.1.2.5 Lab-Hashing Things Out (page 251, 3 pages)
    Part 1: Creating Hashes with OpenSSL (page 251, 2 pages)
  9.2.2.7 Lab-Certificate Authority Stores (page 254, 11 pages)
    Part 1: Certificates Trusted by Your Browser (page 254, 4 pages)
    Part 2: Checking for Man-In-Middle (page 258, 4 pages)
    Part 3: Challenges (Optional) (page 262, 1 page)

Chapter 10 Endpoint Security and Analysis (page 263, 2 pages)
  There are no labs in this chapter.

Chapter 11 Security Monitoring (page 265, 18 pages)
  11.2.3.10 Packet Tracer-Explore a NetFlow Implementation (page 265, 7 pages)
    Part 1: Observe NetFlow Flow Records-One Direction (page 265, 4 pages)
    Part 2: Observe NetFlow Records for a Session that Enters and Leaves the Collector (page 269, 2 pages)
  11.2.3.11 Packet Tracer-Logging from Multiple Sources (page 272, 4 pages)
    Part 1: View Log Entries with Syslog (page 272, 1 page)
    Part 3: NetFlow and Visualization (page 274, 1 page)
  11.3.1.1 Lab-Setup a Multi-VM Environment (page 276, 7 pages)

Chapter 12 Intrusion Data Analysis (page 283, 90 pages)
  12.1.1.7 Lab-Snort and Firewall Rules (page 283, 9 pages)
    Part 1: Preparing the Virtual Environment (page 284, 1 page)
    Part 2: Firewall and IDS Logs (page 284, 8 pages)
  12.2.1.5 Lab-Convert Data into a Universal Format (page 292, 12 pages)
    Part 1: Normalize Timestamps in a Log File (page 292, 3 pages)
    Part 2: Normalize Timestamps in an Apache Log File (page 295, 2 pages)
    Part 3: Log File Preparation in Security Onion (page 297, 6 pages)
  12.2.2.9 Lab-Regular Expression Tutorial (page 304, 3 pages)
  12.2.2.10 Lab-Extract an Executable from a PCAP (page 307, 8 pages)
    Part 1: Prepare the Virtual Environment (page 307, 1 page)
    Part 2: Analyze Pre-Captured Logs and Traffic Captures (page 307, 4 pages)
    Part 3: Extract Downloaded Files From PCAPS (page 311, 4 pages)
  12.4.1.1 Alt Lab-Interpret HTTP and DNS Data to Isolate Threat Actor (page 315, 10 pages)
    Part 1: Prepare the Virtual Environment (page 315, 1 page)
    Part 2: Investigate an SQL Injection Attack (page 316, 7 pages)
    Part 3: Analyze a Data Exfiltration (page 323, 2 pages)
  12.4.1.1 Lab-Interpret HTTP and DNS Data to Isolate Threat Actor (page 325, 17 pages)
    Part 1: Prepare the Virtual Environment (page 326, 1 page)
    Part 2: Investigate an SQL Injection Attack (page 327, 9 pages)
    Part 3: Data Exfiltration Using DNS (page 336, 6 pages)
  12.4.1.2 Alt Lab-Isolate Compromised Host Using 5-Tuple (page 342, 10 pages)
    Part 1: Prepare the Virtual Environment (page 342, 1 page)
  12.4.1.2 Lab-Isolate Compromised Host Using 5-Tuple (page 352, 21 pages)
    Part 1: Prepare the Virtual Environment (page 353, 2 pages)

Chapter 13 Incident Response and Handling (page 373)
  13.2.2.13 Lab-Incident Handling (page 373)
    Scenario 1: Worm and Distributed Denial of Service (DDoS) Agent (page 373, 1 page)
    Scenario 2: Unauthorized Access to Payroll Records (page 374)