Here are the new RangeForce Training Modules for February. There are some great new cyber range exercises included with everyone one of these modules so that cybersecurity pros can get hands-on training. The twelve new modules focus primarily on our Security Operations (SOC) Track. Some highlights include our second and third modules on Regex and our first (of many) on YARA rule training. With this release, our training module count now stands at 120 and 100+ hours of training content.Here are our newest training modules:
This is the second in a series of regex training modules, and perfect for Intermediate learners.You will write regex patterns for hostnames and URLs, then use the patterns to write URL substitution rules.
This is a foundational module to learn how to leverage the venerable Nmap tool to find a Secure Shell (SSH) server that is using insecure authorization methods. You then will log in to that server and make it more secure by modifying the config file.
The SSH-Audit tool checks which cryptographic algorithms are enabled by an SSH server’s settings and outputs a report showing which algorithms are considered vulnerable and should be disabled. Use this tool to scan a server, then change the server’s configuration to apply the recommended changes.
Security Operations Track: Challenge Grasshopper
You have been tasked with re-assessing the security of the company servers after a recent security breach. Discover new vulnerabilities that can be exploited to gain remote access into the internal server.
Security Operations Track: Challenge Bulkhead
This challenge is focused on log monitoring and the mitigation of malicious behavior using an IDS/IPS tool called Suricata. During the challenge, you will be using Suricata to identify malicious traffic and secure a website.
Security Operations Track: Challenge OpenSMTPD
An advanced, scenario-based module where the learner is challenged to investigate an OpenSMTPD server and discover any vulnerabilities. Based onCVE-2020-7247.
Security Operations Track: Nmap SNMP Enumeration
Building on Nmap basics, we are releasing the SNMP enumeration module next. This opens the world of built-in Nmap scripts to the user which can help you extend the base functionality. The user will learn how to extract network information via weak SNMP strings.
Security Operations Track: Yara Introduction
Yara is a pattern-matching language that is used pervasively across the industry in both commercial and open-source products. In this module, you will learn how Yara works and how to write rules to detect specific conditions. This knowledge can be used across many vendor offerings.
Security Operations Track: Challenge Daikon
Use Metasploit to exploit a vulnerable Redis server.
Security Operations Track: Privilege Escalation Linux Capabilities
Learn how misconfigured file capabilities in Linux can allow local users to escalateprivileges.
This is our third module on regular expressions, this is intended for more experienced users who have completed the Foundational and Intermediate modules. You will learn about LookArounds and Conditionals.
Security Operations Track: Challenge Joker
You have permission to edit a particular file on the server. However, the editor has a ‘shell escape’ feature which allows running arbitrary commands. Use this to exploit the server.
WASE Track: Challenge Kappa
Your goal is to investigate an ‘unhackable’ website, identify an unknown vulnerability (hint: it might be a remote code execution vulnerability), and exploit it.
To help create training plans, RangeForce maps our training modules to OWASP’s Top Ten List. RangeForce currently covers over 90% of OWASP’s Top 10 List. As new modules are delivered, this document will be updated.Read the datasheet to learn more.