
Range Experience – Lab Sessions

CECyber Lab Sessions are practical classes on the Cyberbit Range, the world’s most advanced simulation platform. There are 14 cyber attack scenarios divided into 3 levels of difficulty. You can purchase each scenario individually, combine a series of scenarios or add the CECyber training on Fundamentals, with world-class material. All sessions are taught by CECyber instructors in classes of up to 10 students each.

Web Defacement

This scenario demonstrates one of the most common web attacks, the purpose of which is not to attack assets or steal corporate information, but mainly to damage the company’s reputation. The attacker infiltrates the organization’s Internet-facing web server and prepares it to display text and an image that mischaracterize the site’s original content.

Duration: 4 hours


Apache Shutdown

In this scenario, the system attacks a well-known news site and takes it down. The attacker uses a brute force attack to gain access to the server and steal credentials to access the company’s network. The attack relies on other techniques to bring down the Apache service and prevent access to the corporate website.

Duration: 4 hours


Trojan Data Leakage

In this scenario, the attacker sends an infected email with a link to download and open malicious software. When the victim clicks the link, a Trojan is installed. The Trojan performs a local search for important files and sends them to the attacker by email, leaking sensitive corporate data.

Duration: 4 hours


DDoS DNS Amplification

In this scenario, based on denial of service, the attacker sends a series of DNS queries, with the source address spoofed to the target’s IP address, to vulnerable DNS servers. The large number of DNS responses is sent back to the targeted system, overloading the target’s bandwidth and resources, paralyzing the server and causing the denial of service (DoS).

Duration: 3 hours


DDoS SYN Flood

In this scenario, the hacker uses a botnet to carry out an attack that makes a web server unavailable. The attack is performed by a group of 50 computers with different IP addresses, used with the intention of delaying the process of analyzing and containing the incident. Traffic floods overwhelm the target’s bandwidth and resources, paralyzing the server and causing a denial of service (DoS) for the web server.

Duration: 3 hours

WPAD Man-in-the-Middle – Web Proxy Auto-Discovery Man-in-the-Middle

In this scenario, the attacker deceives the hosts by posing as a legitimate proxy in the segment. Once all user segment traffic passes through the attacker, sensitive data is extracted and sent to the attacker’s Command and Control server, located on the Internet, using two different methods: ICMP packets and DNS queries.

Duration: 4 hours


SQL Injection

In this scenario, the system attacks a well-known public web server using SQL injection. During the attack, the attacker exploits a vulnerability in the SQL database, which is later used to extract all user names and their email from the computer and to stop internal server services.

Duration: 5 hours


DB Dump via FTP Exploit – Database Dump via File Transfer Protocol Exploit

In this scenario, the system emulates an attack that exploits a known vulnerability in the FTP server, enabling a direct SQL connection to the database server. Once this happens, the system uses brute force to gain access to the SQL server and extracts the corporate data using table enumeration.

Duration: 5 hours


Java NMS Shutdown – Java Network Management System Shutdown

In this scenario, the system loads a malicious website that contains a Trojan horse. When the unsuspecting user browses the website and runs the hidden Trojan, it connects to the Zenoss NMS monitoring server and shuts it down. From this moment on, all monitoring is interrupted and the attacker can disable any service without visual indication or automatic notifications to the cybersecurity team.

Duration: 5 hours


Java SendMail

In this scenario, the system loads a malicious website that contains a Trojan horse. When an inattentive user browses the website and runs the hidden Trojan, it connects to a SendMail server via SSH and adds a rule that forwards messages from all mailboxes to the attacker’s mail.

Duration: 5 hours

Ransomware

In this scenario, the hacker gets unauthorized access to a corporate network using social engineering and phishing techniques. Users, in turn, are infected by malware that encrypts files. The security team must act to find the key that decrypts the hijacked files and also restore the security backups.

Duration: 6 hours


SIEM Disable

In this scenario, the attacker uses a brute force attack to gain access to the corporate router connected to the Internet. After successful login, the attacker modifies the configuration web page and finds credentials saved on the infected machine, using them to shut down SIEM and perform a port scan to map the target network.

Duration: 6 hours


Trojan Share Privilege Escalation

In this scenario, a Trojan is sent by e-mail to the mailbox of a user who, being inattentive, opens the malicious link, allowing the attacker to break into the corporate network. To escalate privileges, the attacker creates an administrative account, which allows the Trojan to hack into the database server and use it as a gateway to upload secret files to the organization’s website and cause a large leak of public data.

Duration: 6 hours


WMI Worm – Windows Management Instrumentation Worm

In this scenario, the system inserts a CD-ROM infected by a worm, which is malicious software, into a Windows machine. The worm scans the network, spreads through WMI and blocks all applications that can detect the presence of the worm (TaskMgr, ProcMon, Regedit etc.), freezing the application threads.

Duration: 6 hours