Free Attack and Defend Lab – Cisco Splunk Kali Linux, Radware, etc.

One project I’ve been working on for over 7 years is an attack and defend lab called the Cyber Defense Clinic. My thought, goal, and mission for it is the following … it’s a bold goal, but one I’ve had for a while.

Allow anybody, anywhere, any age, any race, free cyber security education.

We use real technology and real attacks, meaning no dummy data, no replayed PCAPs, and no fake equipment. We have to manage the licenses, updates, etc., which is painful, but we believe it is the best way to run this type of experience.

To register, go HERE. You will need to do three things:

  1. Create a free dcloud account. Within dcloud, click your user icon and identify your “user ID”. Not your email or user name; your user ID.
  2. Go to ciscosecurityworkshop.com and register for access to the lab guide. Use Attack2Defend! as the password
  3. Go to the registration page and fill in your dcloud user ID and date you want to start the lab.

That’s it. Sign up now.

To better understand the attackers and defenders, we have created two comics you can download HERE and HERE.

Below is a summary of what is covered. We are always adding content and modules, and each module is self-contained, meaning you can start anywhere rather than having to work through them in order.

Topics Covered By Each Module

  • CDC Module 0: The Modern Security Threat 
    • Overview and discussion of the latest threats in the wild and defenses
  • CDC Module 1: Welcome to HackMDs
    • Detailed introduction to the attack/defend environment
  • CDC Module 2: Becoming a Cyber Criminal
    • Discussion of how attackers work and how defenders must think like an attacker
    • Reconnaissance with Shodan, Masscan and Nmap; vulnerability management with Rapid7 Nexpose
  • CDC Module 3: Smash & Grab
    • Use Metasploit to compromise a vulnerable server, then identify and defend against the attack using an NGFW
    • Metasploit | Firepower
  • CDC Module 4: Ransomware
    • Use AMP/ThreatGrid/ESA to defend against a phishing attack that leads to a ransomware infection
    • Ransomware | AMP
    • SecureX with AMP, ESA and Stealthwatch
  • CDC Module 5: Insider Threats
    • Gain access to the target network and use Metasploit to pivot through it, compromising multiple systems along the way; then detect and mitigate the APT-like behavior on your network using ISE and Stealthwatch
    • Insider lateral movement | Stealthwatch
  • CDC Module 6: The Compromised Laptop
    • Access the network through a compromised VPN node, then detect and remove the compromised host from the network using ISE/NGFW
    • User malware | ISE, Firepower and Rapid Threat Defense
  • CDC Module 7: Centralized Defense
    • A threat hunting scenario using two market leaders in security information and event management (SIEM)
    • Splunk with Apps and IBM QRadar
  • CDC Module 8: Security Automation and Response with SOAR
    • Learn how to automate playbooks to improve response to security incidents
    • Splunk Phantom
  • CDC Module 9: Web Defense & Resource Sustainability Part 1
    • Attack a web application with XSS and SQL injection, then defend against those attacks using the Radware WAF
    • Web Exploitation | Radware AppWall
  • CDC Module 10: Web Defense & Resource Sustainability Part 2
    • Switch to denial of service (DoS) attacks against the HackMDs web services, then defend with Radware DDoS defense
    • DDoS Defense | Radware DefensePro
  • CDC Module 11: Ransomware Reboot
    • Deliver a dropper and RAT to gain internal access and take down the target, then use AMP/Stealthwatch/Firepower/Umbrella to identify and remediate the attack
    • Ransomware, Empire and BloodHound | Firepower, Stealthwatch, and AMP
  • CDC Module 12: Defending Identities and Password Compromise
    • Launch a phishing and social engineering attack to gain access, then use Duo and Splunk to defend
    • Phishing with SET | Duo securing Splunk
  • CDC Module 13: Monitoring for Threats and Performance
    • Monitor the HackMDs datacenter for potential threats using Cisco Tetration
  • CDC Module 14: CDC Challenge
    • Perform forensics to understand compromise
    • Hunting Command and Control with Wireshark

Sign up now and let me know what you think.
