Editor’s Note: It’s hard to put together an introductory cyber security lab; this post by Greg Moore details our efforts in this direction. Please provide feedback and links on what you think will be great tools and resources for students learning the art and craft of cyber defense!
At Cyber Defenders, our mission is to bring students with little to no background in cybersecurity up to a knowledge level that allows them to work on meaningful research projects. The inaugural Cyber Defenders program has four project teams, each partnering with a different industry leader to work on a project in a growing and critical area of cyber security. The project topics for this year’s cohort are malware analysis (GotMalware), consumer data protection (Pensieve), mobile healthcare application vulnerabilities (HealthSec), and network security (Raspi).
As most students entering the program have little to no background in cybersecurity, prior to beginning our project work we provide a general introduction to the field of cybersecurity via lab exercises, tutorials, and suggested reading. Below we enumerate the steps we have taken to provide that general introduction and background. We invite you, dear reader, to contribute any suggestions about learning aids or content structure that will help us improve our cybersecurity lab!
We begin our introduction to cybersecurity with a discussion of the CIA triad (Confidentiality, Integrity, and Availability). This helps students conceptualize the ways in which security can be compromised and provides a useful starting point for introducing the domains of cybersecurity that address each of these threat categories. As an exercise, several types of attacks are presented (DDoS, password cracking, replay, and so on) and students are asked to identify which letter(s) of the triad each attack violates. CIA tutorials and videos.
Cryptography is presented as the cybersecurity domain that provides confidentiality and integrity guarantees for electronic information. We begin the cryptography lesson by covering the concepts of encryption and hashing. This provides an opportunity to review some foundational math concepts, such as changing bases and performing the logic operations AND, OR, and XOR. To help students visualize what occurs during encryption, we have them download CrypTool and walk through an animated tutorial covering the steps involved in AES encryption (CrypTool > Individ. Procedures > Visualization of Algorithms > AES > Rijndael Animation). We then introduce salting and nonces, and we explore the differences between symmetric and asymmetric cryptography. As an exercise, we go through different combinations of public key encryption, private key encryption, shared key encryption, hashing, salting, and use of nonces, and students are asked to identify whether each combination provides assurances of Confidentiality and Integrity. We conclude the cryptography exploration with a tutorial that demonstrates password cracking using a provided Python program and rainbow table; the table works because an unsalted hash of a common password can be precomputed once and simply looked up, which is exactly what salting defeats. Cryptography Tutorials and Videos.
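The salting lesson and the rainbow-table cracking exercise can be shown in a few lines. The following is an added example in Python, not the lab's own cracking program or rainbow table: it stands a small constructed wordlist and a SHA-256 lookup table in for the rainbow table, cracks an unsalted hash by lookup, and shows that the same table is useless against a salted hash of the very same password.

```python
"""Hashing, salting and why a precomputed table stops working.

Added example for the cryptography lab; not the lab's cracking program.
The wordlist is constructed. A SHA-256 lookup table stands in for a
rainbow table: the real thing stores hash chains instead of every
(password, hash) pair, but it relies on the same property shown here,
namely that unsalted hashing maps a password to one fixed hash.
"""
import hashlib
import os

# Constructed stand-in for a leaked password dump.
WORDLIST = ["password", "letmein", "123456", "qwerty", "dragon", "hunter2"]


def unsalted_hash(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password: str, salt: bytes) -> str:
    # The salt is stored next to the hash in the clear; it is not a secret.
    return hashlib.sha256(salt + password.encode()).hexdigest()


def new_salt() -> bytes:
    return os.urandom(16)


def build_lookup_table(words) -> dict:
    """Done once, offline; afterwards every stolen unsalted hash is a lookup."""
    return {unsalted_hash(w): w for w in words}


def crack_with_table(target: str, table: dict):
    return table.get(target)


def crack_salted(target: str, salt: bytes, words):
    """With a salt the precomputed table is useless: the attacker has to
    recompute every candidate for every user's individual salt."""
    for w in words:
        if salted_hash(w, salt) == target:
            return w
    return None


def demo() -> dict:
    table = build_lookup_table(WORDLIST)
    salt_a, salt_b = new_salt(), new_salt()
    stolen_unsalted = unsalted_hash("hunter2")
    stolen_salted = salted_hash("hunter2", salt_a)
    return {
        "unsalted_cracked": crack_with_table(stolen_unsalted, table),
        "salted_in_table": crack_with_table(stolen_salted, table),
        "salted_cracked_by_recompute": crack_salted(stolen_salted, salt_a, WORDLIST),
        # Two users with the same password no longer share a hash.
        "same_password_distinct_hashes": salted_hash("hunter2", salt_a)
        != salted_hash("hunter2", salt_b),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The per-salt recomputation in crack_salted is unavoidable but, with SHA-256, still cheap; real password storage therefore also replaces the plain hash with a deliberately slow, salted function such as scrypt, bcrypt or Argon2 so that each guess costs the attacker real time.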
- Network Security: This lab provides an overview of networking and of how network security strategies address, in particular, the Availability pillar of the CIA triad. The introduction to networking begins with a description of the OSI model. We walk through each layer and its associated protocols, protocol data unit, and key terms (such as MAC address, IP address, etc.). We then examine the well-known traditional network attacks: ping of death, DDoS, and botnet-mediated DDoS. The network security lab concludes with a Wireshark exercise in which students perform a packet capture and practice analyzing network traffic. Network Security Tutorials.
- Malware — The malware lab begins with an overview of common types of malware and infection vectors. We cover concepts such as reverse shells, ransomware, and botnet generation. We then guide the students through installations of VirtualBox, Kali Linux, and Debian, and work through several tutorials that describe how malware can be generated with Metasploit and deployed. A favorite exercise involves walking students through embedding a reverse-connecting shell payload in a PDF with Metasploit. The students email the PDF to a dummy email account, open it on the Debian VM, and then control the Debian VM from their Kali Linux terminal. Following are some of the malware tutorials we use: Kali Linux, Metasploit, and Building a Botnet.
- Data forensics — The data forensics lab concludes our introduction-to-cybersecurity module. We begin with a discussion of how files are stored on disk and what actually happens when they are erased: an ordinary delete typically removes only the file system's reference to the data, leaving the blocks themselves in place until something overwrites them. We then walk the students through a file recovery exercise using the forensic analysis tool Autopsy. Data Forensics Tutorial.
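To make the OSI walk-through in the network lab concrete before students open Wireshark, the following added example in Python (not part of the lab's tutorials) builds an Ethernet II / IPv4 / ICMP echo-request frame with struct, parses it back one layer at a time into the frame, packet and ICMP fields the lab names, and applies the classic ping-of-death check: a fragment whose offset plus payload would reassemble to more than the 65535 bytes an IPv4 datagram can hold. The MAC and IP addresses are constructed, and checksums are left at zero.

```python
"""Walk a frame down the stack, one layer and one PDU at a time.

Added example for the network lab; not the lab's Wireshark exercise.
The frame is constructed inline so this runs offline, but the field
layout is the real Ethernet II / IPv4 / ICMP layout, so parse_frame()
works unchanged on raw frame bytes exported from a capture.
Addresses are made up; checksums are left at zero.
"""
import socket
import struct

ETHERTYPE_IPV4 = 0x0800
PROTO_ICMP = 1
IPV4_MAX_DATAGRAM = 65535      # total length is a 16-bit field


def build_frame(payload: bytes, frag_offset: int = 0, more_fragments: bool = False) -> bytes:
    """Ethernet II + IPv4 + ICMP echo request. frag_offset is in 8-byte units."""
    eth = (bytes.fromhex("aabbccddeeff") + bytes.fromhex("112233445566")
           + struct.pack("!H", ETHERTYPE_IPV4))
    icmp = struct.pack("!BBHHH", 8, 0, 0, 0x1234, 1) + payload   # type 8 = echo request
    flags_frag = (0x2000 if more_fragments else 0) | (frag_offset & 0x1FFF)
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, 20 + len(icmp), 0xBEEF, flags_frag, 64, PROTO_ICMP, 0,
                     socket.inet_aton("10.0.0.1"), socket.inet_aton("10.0.0.2"))
    return eth + ip + icmp


def parse_frame(frame: bytes) -> dict:
    """Return one dict per layer, keyed by the PDU name used at that layer."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])        # layer 2
    layers = {"frame": {"dst_mac": dst.hex(":"), "src_mac": src.hex(":"),
                        "ethertype": ethertype}}
    if ethertype != ETHERTYPE_IPV4:
        return layers
    (ver_ihl, _tos, total_len, ident, flags_frag, ttl, proto, _csum,
     src_ip, dst_ip) = struct.unpack("!BBHHHBBH4s4s", frame[14:34])  # layer 3
    ihl = (ver_ihl & 0x0F) * 4      # header length in bytes; options would make it > 20
    layers["packet"] = {
        "version": ver_ihl >> 4, "header_len": ihl, "total_len": total_len, "id": ident,
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,   # stored in 8-byte units
        "ttl": ttl, "protocol": proto,
        "src_ip": socket.inet_ntoa(src_ip), "dst_ip": socket.inet_ntoa(dst_ip),
    }
    if proto == PROTO_ICMP:
        body = frame[14 + ihl:14 + total_len]
        itype, code, _csum, icmp_id, seq = struct.unpack("!BBHHH", body[:8])
        layers["icmp"] = {"type": itype, "code": code, "id": icmp_id, "seq": seq,
                          "payload_len": len(body) - 8}
    return layers


def is_ping_of_death(packet: dict) -> bool:
    """Classic ping of death: this fragment would reassemble past 65535 bytes.
    An unfragmented datagram can never trip this, since its total length fits the field."""
    payload_len = packet["total_len"] - packet["header_len"]
    return packet["fragment_offset"] + payload_len > IPV4_MAX_DATAGRAM


if __name__ == "__main__":
    samples = [("normal echo request", build_frame(b"A" * 32)),
               ("fragment at maximum offset", build_frame(b"A" * 100, frag_offset=8191))]
    for label, frame in samples:
        parsed = parse_frame(frame)
        print(label, parsed["packet"], "ping of death:", is_ping_of_death(parsed["packet"]))
```

The parser assumes an Ethernet II frame without a VLAN tag and reads only the fixed 20-byte part of the IPv4 header, which is why it computes the header length from IHL before slicing out the ICMP body. Students can compare each dict with the corresponding pane in Wireshark's packet details view.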
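The reason Autopsy can recover a "deleted" file is the point of the erasure discussion in the forensics lab, and it can be shown without a real disk image. The following added example in Python (not part of the lab's Autopsy exercise) uses a toy in-memory disk with a directory table: an ordinary delete removes only the directory entry, a secure wipe overwrites the blocks, and a signature-based carver finds whatever PNG and JPEG data is still physically present. The files, the disk and the directory layout are constructed for the example.

```python
"""Delete versus wipe, and file carving by magic bytes.

Added example for the data forensics lab; not the lab's Autopsy exercise.
ToyDisk stands in for a file system: a flat byte array plus a directory
table. The PNG is a real 1x1 image; the JPEG is a constructed stub.
"""
import struct
import zlib

# (header, trailer) magic bytes. Constructed table; real carvers know many more.
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n", b"\x00\x00\x00\x00IEND\xaeB`\x82"),
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
}


def minimal_png() -> bytes:
    """A valid 1x1 RGB PNG, so the carved result is a real image, not filler."""
    def chunk(tag: bytes, data: bytes) -> bytes:
        crc = zlib.crc32(tag + data) & 0xFFFFFFFF
        return struct.pack("!I", len(data)) + tag + data + struct.pack("!I", crc)
    ihdr = struct.pack("!IIBBBBB", 1, 1, 8, 2, 0, 0, 0)   # 1x1, 8 bits, RGB
    idat = zlib.compress(b"\x00\xff\x00\x00")              # filter byte + one red pixel
    return (SIGNATURES["png"][0] + chunk(b"IHDR", ihdr)
            + chunk(b"IDAT", idat) + chunk(b"IEND", b""))


class ToyDisk:
    """Flat block device plus a directory table, standing in for a file system."""

    def __init__(self, size: int):
        self.blocks = bytearray(size)
        self.directory = {}        # name -> (offset, length)
        self._next_free = 0

    def write(self, name: str, content: bytes) -> int:
        offset = self._next_free
        self.blocks[offset:offset + len(content)] = content
        self.directory[name] = (offset, len(content))
        self._next_free = offset + len(content) + 64   # leave slack between files
        return offset

    def delete(self, name: str) -> None:
        """Ordinary delete: forget the name, leave the bytes exactly where they are."""
        del self.directory[name]

    def wipe(self, name: str) -> None:
        """Secure erase: overwrite the blocks first, then forget the name."""
        offset, length = self.directory.pop(name)
        self.blocks[offset:offset + length] = bytes(length)

    def image(self) -> bytes:
        return bytes(self.blocks)


def carve(image: bytes) -> list:
    """Return (kind, offset, data) for every header..trailer span in the image.
    The directory is never consulted, which is what makes deleted files visible."""
    found = []
    for kind, (header, trailer) in SIGNATURES.items():
        pos = 0
        while (start := image.find(header, pos)) >= 0:
            end = image.find(trailer, start + len(header))
            if end < 0:
                break                          # header without trailer: truncated file
            end += len(trailer)
            found.append((kind, start, image[start:end]))
            pos = end
    return sorted(found, key=lambda hit: hit[1])


if __name__ == "__main__":
    disk = ToyDisk(4096)
    disk.write("photo.png", minimal_png())
    disk.write("photo.jpg", SIGNATURES["jpeg"][0] + b"\xe0\x00\x10JFIF\x00" + b"x" * 40
               + SIGNATURES["jpeg"][1])
    disk.delete("photo.png")
    print("after delete:", [(k, off) for k, off, _ in carve(disk.image())])
    disk.wipe("photo.jpg")
    print("after wipe:  ", [(k, off) for k, off, _ in carve(disk.image())])
```

Carving by header and trailer is the technique general-purpose file carvers use at scale; it recovers contiguous files only, which is why fragmented files need the file system metadata that an ordinary delete still partly leaves behind, and why a wiped region yields nothing at all.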
We have found the following books to be extremely helpful for introducing concepts, providing background information, and serving as on-hand reference guides.
- Singer, Peter W., and Allan Friedman. Cybersecurity: What Everyone Needs to Know. Oxford University Press, 2014. Link
- Anderson, Ross J. Security engineering: a guide to building dependable distributed systems. John Wiley & Sons, 2010. Link
- Schneier, Bruce. Data and Goliath: The hidden battles to collect your data and control your world. WW Norton & Company, 2015. Link
- Regalado, Daniel, et al. Gray Hat Hacking the Ethical Hacker’s Handbook. McGraw-Hill Education Group, 2015. Link
- Anley, Chris, et al. The shellcoder’s handbook: discovering and exploiting security holes. John Wiley & Sons, 2011. Link
- Marcella Jr, Albert J., and Frederic Guillossou. Cyber forensics: From data to digital evidence. Vol. 623. John Wiley & Sons, 2012. Link
- Raspberry Pi: Amazon
- Ethernet sniffer: Amazon
- Bluefruit (Bluetooth sniffer) at Amazon, Ubertooth (Bluetooth sniffer) at Amazon
- Rubber Ducky (USB keystroke injection tool) at Hakshop.
- Wifi Pineapple Router at Hakshop
- LAN Turtle at Hakshop
- VirtualBox: https://www.virtualbox.org/wiki/Downloads
- Kali Linux VM: https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/
- CrypTool: https://www.cryptool.org/en/ct1-downloads
- Wireshark/Tshark: https://www.wireshark.org/download.html
- Autopsy: http://www.autopsy.com/download/