We have had an exciting start to the summer here at RangeForce. We launched the RangeForce CyberSkills Platform 2.0 and added 12 new training modules and challenges. We now have over 200 hours of hands-on technical security training.
The latest training covers Security Operations (SOC) and DevOps tracks. Here are our newest training modules:
New Security Tools Training Modules
We continue to build out our Security Tools Courses, with many new modules, including vendor tool training forSplunkandRecorded Future. Watch for more coming in the next few months.
Security Tools – Microsoft – Fiddler: Fiddler is a free web debugging proxy for any browser and platform. In this module, you’ve been given testing access to a stocks trading website with a goal of finding a vulnerability. Learn how to use Fiddler to inspect and edit HTTPS traffic to find vulnerabilities on websites.
Security Tools – Metasploit: The Metasploit Framework is one of the most useful testing tools available to security professionals. Using Metasploit, you can access disclosed exploits for a wide variety of applications and operating systems. You can automatically scan, test, and exploit systems using code that other hackers have written. In this module, you will learn how to run a Metasploit exploit module against a vulnerable Redis server.
Security Tools – Nmap: NFS Enumeration: Nmap, also known as network mapper, is a free and open-source security tool widely known for its powerful network discovery, enumeration, and security auditing abilities. After completion of the training, you will learn how to use Nmap to enumerate available NFS exports (file shares) and list files.
New Security Operations Training Modules
Security Operations is a continued area of focus for our new modules. These courses focus on the latest attack vectors and methodologies, as well as incident detection, response, and investigation best practices. Training modules teach both the red team (offensive) and blue team (defensive) sides of an attack.
SOC – Reverse Engineering 1: Reverse engineering is a process that hackers use to figure out a program’s components and functionalities in order to find vulnerabilities. In this module, learn how to recover a password from a program using a simple reverse engineering command-line tool.
SOC – Reverse Engineering 2: Ghidra is a software reverse engineering framework created by the National Security Agency. It includes a variety of tools that help users analyze compiled code on a variety of platforms including Windows, macOS, and Linux. Its capabilities cover disassembly, assembly, decompilation, and to name just a few. In this module, you will learn how to recover a password from a program by reverse engineering it with Ghidra.
SOC – Reverse Engineering 3: The process of making changes to a binary and modifying its instruction flow is called “patching a binary.” Hackers use this to bypass built-in protections, or to make the program behave in a different way so that the exploit development process goes more smoothly. In this module, you will learn how to modify a program to bypass a password check.
New Security Challenges
Security Challenges are the places where you test your skills. No help or hints here, just dig into the challenge and see if you have what it takes to win.
SOC Challenge – Privilege Escalation: Miscombobulations: In this challenge, you are tasked with escalating your privileges in a poorly configured server located at a university. As a result, you are able to use server misconfigurations to escalate privileges.
SOC Challenge – Mountaineer: In this challenge, you are tasked with breaking into an NFS share to get remote access.
SOC Challenge – Socat: There are some applications that are usually used for a specific task but also offer users the ability to run arbitrary commands. In this challenge, you are tasked with gaining root privileges on the target server.
New Secure DevOps Training Modules
Learning secure DevOps (DevSecOps) is just as important to a company’s defenses as learning security operations. The better your code’s security hygiene, the more bulletproof your company.
DevOps – Log Management: Systemd Journal: The systemd journal stores log messages in a central database which allows for efficient searching of these messages, not just by the message text but also according to metadata about the context of the messages. Knowing how to find information in log messages can be crucial for many system administration tasks such as troubleshooting, auditing, forensics and monitoring. In this module, learn how to search for information in the systemd journal and how to secure the journal data against malicious corruption.
DevOps – Log Management: Systemd Journal Remote: When administering multiple servers it is convenient to have an overview of all log messages in a central place. The Systemd Journal allows forwarding log messages using the systemd-journal-remote and systemd-journal-upload services. In this module, you will learn how to implement forwarding journal messages to a log server.
DevOps Challenge – Security and Protection Fundamentals: Take this module to test your knowledge of basic security concepts to see how well you would perform in real life. Get ready to jump-start your path to cyber resiliency!
Watch for even more training modules to be launched in the coming months. Remember, as a customer, you get access to all of our modules and any new ones that are delivered for the duration of your license all at an amazingly affordable price.