This introductory lab has students using simple SQL injection to attempt to gain unauthorized access to data on an intentionally vulnerable web server. The lab document includes a brief SQL primer so that students understand enough to exploit simple SQL injection attacks, followed by an introduction to DVWA and its SQL Injection page for testing injection techniques.
Students will use various block cipher modes of encryption to encrypt files and then compare and contrast based on the degree of data hiding achieved and the impact of bit errors on the encrypted document when it is decrypted.
Students will use Snort to examine a packet capture file and then examine the results using BASE (Basic Analysis and Security Engine), a web front-end for Snort. Students will then examine and implement iptables rules on a Linux virtual machine.
This individual laboratory exercise will familiarize you with the Virginia Cyber Range and provide some hands-on experience with password cracking and buffer overflows.
This Beginner Plus level lab exercise introduction to Linux host-based network security consists of two parts. It will provide some hands-on layered defense experience with hardening a LAMP (Linux, Apache, MySQL, PHP) server by examining what ports, IPs and services are exposed to the network, and work on addressing and securing the outstanding network security issues layer by layer.
This exercise provides hands-on experience applying all concepts learned during the Introduction to Digital Forensics Module. Students will use tools on the SANS SIFT Workstation Linux distribution to examine various artifacts as part of a capstone exercise.