These labs focus on defensive techniques against common attacks.
- Tools: Wireshark, Suricata, Snort
- Objective: Detect abnormal traffic (port scans, ARP poisoning).
- Exercise: Configure the IDS to alert on an Nmap SYN scan (`nmap -sS`) and confirm that a normal client session does not trigger the same alert.
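For the IDS exercise above, here is an added example, not part of the lab materials, that implements the same SYN-scan heuristic in Python over a constructed packet summary so you can see what the rule has to count: many SYN-only segments from one source to distinct destination ports inside a short window. The packet list, the thresholds and the Suricata rule quoted in the comment are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed packet summaries in the shape (time_s, src, dst, dst_port, tcp_flags).
# Not captured traffic; it stands in for a tshark/Wireshark export of the lab network.
SAMPLE_PACKETS = [
    # a normal client: two connections, each SYN followed by the client's ACK
    (0.0, "10.0.0.5", "10.0.0.10", 80, "S"),
    (0.1, "10.0.0.5", "10.0.0.10", 80, "A"),
    (0.2, "10.0.0.5", "10.0.0.10", 443, "S"),
    (0.3, "10.0.0.5", "10.0.0.10", 443, "A"),
] + [
    # an nmap -sS style scan: one bare SYN per port, many ports a few ms apart,
    # and never an ACK because the scanner tears each half-open probe down with RST
    (1.0 + i * 0.01, "10.0.0.99", "10.0.0.10", port, "S")
    for i, port in enumerate(range(20, 60))
]

# Example Suricata rule expressing the same heuristic (assumed values; adjust
# $HOME_NET and the sid to fit your ruleset):
#   alert tcp any any -> $HOME_NET any (msg:"Possible Nmap SYN scan"; flags:S,12;
#       threshold: type both, track by_src, count 20, seconds 10; sid:1000001; rev:1;)


def detect_syn_scans(packets, port_threshold=20, window_seconds=10.0):
    """Return {src: distinct_ports} for every source that sent SYN-only segments
    to at least port_threshold distinct ports within any window_seconds window."""
    syns = defaultdict(list)  # src -> [(time, dst_port)] for SYN-without-ACK segments
    for t, src, _dst, dport, flags in packets:
        if flags == "S":
            syns[src].append((t, dport))

    alerts = {}
    for src, events in syns.items():
        events.sort()
        start = 0
        for end, (t_end, _) in enumerate(events):
            # slide the window so it only holds events within window_seconds of the newest
            while t_end - events[start][0] > window_seconds:
                start += 1
            distinct = {port for _, port in events[start:end + 1]}
            if len(distinct) >= port_threshold:
                alerts[src] = max(alerts.get(src, 0), len(distinct))
    return alerts


if __name__ == "__main__":
    for src, ports in detect_syn_scans(SAMPLE_PACKETS).items():
        print(f"ALERT possible SYN scan from {src}: {ports} distinct ports")
```

A SYN scan never completes the handshake, which is why the filter keeps only SYN-without-ACK segments. A connect scan (`nmap -sT`) does complete it, so to catch that one drop the flags test and count distinct destination ports per source alone, accepting more noise from busy legitimate clients.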

- Tools: Cuckoo Sandbox, VirusTotal
- Objective: Analyze unknown executable safely.
- Exercise: Upload sample → observe file, registry, and network activity.
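As an added example, not part of the lab or of the Cuckoo project, this Python pulls the three kinds of observation the exercise asks for (file, registry, network) out of a sandbox report and flags the combinations that matter. The report embedded below is constructed; its field names follow the layout of a Cuckoo 2.x report.json as an assumption, so check them against the report your sandbox actually produces.

```python
import json
import re

# Constructed, simplified report in the shape of a Cuckoo Sandbox report.json.
# The key names (behavior.summary.file_written / regkey_written, network.domains /
# hosts) are an assumption based on Cuckoo 2.x output; every path, name and address
# below is made up for this exercise, not taken from a real sample.
SAMPLE_REPORT = json.dumps({
    "target": {"file": {"name": "invoice.exe"}},
    "behavior": {"summary": {
        "file_written": [
            "C:\\Users\\lab\\AppData\\Roaming\\svchost.exe",
            "C:\\Users\\lab\\Desktop\\invoice.pdf",
        ],
        "regkey_written": [
            "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
            "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RecentDocs",
        ],
    }},
    "network": {
        "domains": [{"domain": "update.example.net", "ip": "203.0.113.7"}],
        "hosts": ["203.0.113.7", "198.51.100.3"],
    },
})

# Registry locations commonly used for persistence: autostart entries, Winlogon,
# services and scheduled tasks.
PERSISTENCE_KEY = re.compile(
    r"\\CurrentVersion\\(Run|RunOnce|RunServices)\\"
    r"|\\CurrentVersion\\Winlogon\\"
    r"|\\CurrentControlSet\\Services\\"
    r"|\\Schedule\\TaskCache\\",
    re.I,
)
EXECUTABLE_EXT = (".exe", ".dll", ".scr", ".bat", ".ps1", ".vbs", ".js")
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Public)\\", re.I)


def triage(report_json):
    """Extract the file, registry and network observations worth a second look,
    in the order the exercise asks you to observe them."""
    report = json.loads(report_json)
    summary = report.get("behavior", {}).get("summary", {})
    network = report.get("network", {})

    # executables written into user-writable locations are candidate droppers/payloads
    dropped = [p for p in summary.get("file_written", [])
               if p.lower().endswith(EXECUTABLE_EXT) and USER_WRITABLE.search(p)]
    persistence = [k for k in summary.get("regkey_written", []) if PERSISTENCE_KEY.search(k)]
    domains = sorted({d["domain"] for d in network.get("domains", [])})
    resolved_ips = {d["ip"] for d in network.get("domains", []) if d.get("ip")}
    # hosts contacted without a preceding DNS answer: hard-coded C2 addresses look like this
    direct_ips = sorted(set(network.get("hosts", [])) - resolved_ips)

    return {
        "sample": report.get("target", {}).get("file", {}).get("name"),
        "dropped_executables": dropped,
        "persistence_keys": persistence,
        "domains": domains,
        "direct_ips": direct_ips,
    }


def verdict(findings):
    """Coarse label: persistence combined with a dropped executable or any network
    contact is the pairing that almost always deserves escalation."""
    contacted = findings["domains"] or findings["direct_ips"]
    if findings["persistence_keys"] and (findings["dropped_executables"] or contacted):
        return "suspicious"
    if findings["dropped_executables"] or findings["persistence_keys"] or contacted:
        return "review"
    return "nothing-flagged"


if __name__ == "__main__":
    findings = triage(SAMPLE_REPORT)
    print(json.dumps(findings, indent=2))
    print("verdict:", verdict(findings))
```

Treat the output as a starting point rather than a conclusion: a `Run` key pointing at an executable dropped into `AppData` is the classic persistence pair, and the domain and IP lists feed the IOC-blocking step of the incident-response scenario. Before uploading anything to VirusTotal, look up the file hash first; an upload shares the file with every VirusTotal user, which matters if the sample embeds internal documents or credentials.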

- Tools: Windows GPO / Linux PAM
- Objective: Enforce complexity, expiration, and lockout rules.
- Exercise: Configure password policies and test brute-force prevention.
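As an added example, not part of the lab materials, the following Python models the three controls this exercise configures so the brute-force test has a known expected outcome before you touch GPO or PAM: complexity rules, password age, and a pam_faillock-style lockout that rejects even the correct password while the lock holds. The parameter values and the GPO/PAM settings quoted in the comments are assumed defaults, not values the lab prescribes, and the word list is a constructed stand-in for cracklib's dictionary.

```python
import re
from collections import defaultdict
from datetime import date, timedelta

# Rough equivalents of the settings this exercise configures (assumed values):
#   Linux /etc/security/pwquality.conf: minlen = 12, minclass = 3, dictcheck = 1
#   Linux /etc/security/faillock.conf:  deny = 5, fail_interval = 900, unlock_time = 600
#   Windows GPO, Account Policies: Account lockout threshold 5, Account lockout
#   duration 10 minutes, Reset account lockout counter after 15 minutes,
#   Maximum password age 90 days.

# Constructed mini word list standing in for the cracklib dictionary.
DICTIONARY = {"password", "welcome", "letmein", "qwerty", "admin"}


def check_complexity(password, min_len=12, min_classes=3):
    """Return the list of policy violations; an empty list means the password passes."""
    violations = []
    if len(password) < min_len:
        violations.append(f"shorter than {min_len} characters")
    classes = sum(bool(re.search(p, password))
                  for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]"))
    if classes < min_classes:
        violations.append(f"uses {classes} character classes, need {min_classes}")
    if any(word in password.lower() for word in DICTIONARY):
        violations.append("contains a dictionary word")
    if re.search(r"(.)\1\1", password):
        violations.append("repeats a character three times in a row")
    return violations


def is_expired(last_changed_iso, today_iso, max_age_days=90):
    """Password-age check; dates are ISO strings so the check is easy to script."""
    age = date.fromisoformat(today_iso) - date.fromisoformat(last_changed_iso)
    return age > timedelta(days=max_age_days)


class LoginGuard:
    """pam_faillock-style lockout: after `deny` failures within `fail_interval`
    seconds the account is locked for `unlock_time` seconds, and while locked even
    the correct password is rejected, which is what actually stops a brute force."""

    def __init__(self, deny=5, fail_interval=900, unlock_time=600):
        self.deny, self.fail_interval, self.unlock_time = deny, fail_interval, unlock_time
        self.failures = defaultdict(list)  # user -> timestamps of recent failures
        self.locked_until = {}             # user -> time at which the lock expires

    def attempt(self, user, password_correct, now):
        """Return "ok", "denied" or "locked" for one login attempt at time `now`."""
        if self.locked_until.get(user, 0) > now:
            return "locked"  # do not even evaluate the password
        if password_correct:
            self.failures.pop(user, None)
            return "ok"
        recent = [t for t in self.failures[user] if now - t <= self.fail_interval]
        recent.append(now)
        self.failures[user] = recent
        if len(recent) >= self.deny:
            self.locked_until[user] = now + self.unlock_time
            self.failures.pop(user, None)
            return "locked"
        return "denied"


def brute_force(guard, user, guesses, real_password, start=0):
    """Simulate an attacker trying one guess per second; returns the outcome of each."""
    return [guard.attempt(user, guess == real_password, start + i)
            for i, guess in enumerate(guesses)]


if __name__ == "__main__":
    print(check_complexity("password1"))
    guard = LoginGuard()
    wordlist = ["123456", "password", "qwerty", "letmein", "admin", "Correct-Horse7Battery"]
    print(brute_force(guard, "alice", wordlist, real_password="Correct-Horse7Battery"))
```

When you test on the real system, mirror `brute_force`: five wrong guesses, then the right one. If the right password is accepted on the sixth try, the lockout is not in the stack (on Linux, check that `pam_faillock.so` appears in both the `auth` and `account` sections of the PAM configuration). Note what a lockout threshold hands an attacker too: five bad passwords against every account is a denial of service, so pair a low threshold with a short unlock time rather than a permanent lock.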

- Tools: ModSecurity, Nginx WAF module
- Objective: Block SQL Injection & XSS payloads.
- Exercise: Deploy WAF → attempt test payloads → verify logs.
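The following Python, added here and not part of the labs or of ModSecurity, shows why the WAF exercise ends with verifying the logs rather than counting blocks: a signature matched against the raw parameter misses an encoded payload, the same signature after the decoding step (what ModSecurity's `t:urlDecodeUni` transformation does) catches it, and a harmless sentence trips the union/select signature as a false positive. The payloads are constructed, the signatures are illustrative rather than a real rule set, and the ModSecurity rule in the comment is an example rule, not one from the OWASP Core Rule Set.

```python
import html
import re
import urllib.parse

# Illustrative signatures, far smaller than a real rule set such as the OWASP CRS.
SIGNATURES = [
    ("sqli-union",     re.compile(r"\bunion\b.+\bselect\b", re.I)),
    ("sqli-tautology", re.compile(r"'\s*or\s+['\d]", re.I)),
    ("xss-script-tag", re.compile(r"<\s*script\b", re.I)),
    ("xss-event-attr", re.compile(r"\bon\w+\s*=", re.I)),
    ("xss-js-uri",     re.compile(r"javascript\s*:", re.I)),
]

# Example ModSecurity rule for the script-tag signature (assumed id; the
# t:urlDecodeUni and t:lowercase transformations play the role of normalize() below):
#   SecRule ARGS "@rx <\s*script" \
#       "id:100001,phase:2,t:urlDecodeUni,t:lowercase,deny,status:403,log,msg:'XSS script tag'"


def normalize(value, max_rounds=3):
    """Undo the encodings an attacker layers on: percent-decode until the value stops
    changing (bounded, so double encoding cannot loop forever), then HTML entities,
    NUL bytes and whitespace runs."""
    for _ in range(max_rounds):
        decoded = urllib.parse.unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    value = html.unescape(value).replace("\x00", "")
    return re.sub(r"\s+", " ", value)


def inspect(params, normalize_input=True):
    """Return [(param_name, rule_id)] for every signature that fires on a request."""
    hits = []
    for name, raw in params.items():
        value = normalize(raw) if normalize_input else raw
        hits.extend((name, rule_id) for rule_id, pattern in SIGNATURES if pattern.search(value))
    return hits


def decide(params, normalize_input=True):
    """WAF decision plus the log line an analyst would verify in the exercise."""
    hits = inspect(params, normalize_input)
    action = "BLOCK" if hits else "ALLOW"
    log_line = (action + " " + " ".join(f"{name}:{rule}" for name, rule in hits)).strip()
    return action, hits, log_line


# Constructed test requests: a plain payload, a URL-encoded one, a double-encoded one,
# a benign value with an apostrophe, and a benign sentence that resembles SQL.
REQUESTS = {
    "plain_sqli":  {"id": "1' OR '1'='1"},
    "encoded_xss": {"q": "%3Cscript%3Ealert(1)%3C/script%3E"},
    "double_sqli": {"id": "1%2527%2520OR%25201%253D1"},
    "benign":      {"name": "O'Brien"},
    "lookalike":   {"q": "union members select a delegate"},
}


if __name__ == "__main__":
    for label, params in REQUESTS.items():
        raw_action, _, _ = decide(params, normalize_input=False)
        action, _, log_line = decide(params)
        print(f"{label:12s} raw={raw_action:5s} normalized={action:5s}  {log_line}")
```

The `lookalike` request is the reason the exercise says to verify the logs: a broad signature such as `union ... select` fires on ordinary text, and a WAF deployed straight into blocking mode will take legitimate traffic down with it. Run new rules in detection-only mode first, read what they match, then tighten or switch them to deny.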

- Scenario: Company email compromised via phishing.
- Steps:
  - Containment (disable the compromised account and revoke its active sessions and tokens, since disabling alone does not end sessions that are already open)
  - Eradication (scan endpoints, block IOC domains)
  - Recovery (reset passwords, restore clean backup)
  - Lessons learned (awareness training, email filtering)