Enrollment options

Labs that introduce students to a variety of cybersecurity tools, ranging from penetration testing and vulnerability assessment to forensics and malware analysis.

  1. Identifying Live Machines and Services on an Unknown Network. Students will perform scans on a local network to find live machines, identify their operating systems, and locate open network ports. With the open ports identified, they will check to see what services are running on each port and, where possible, extract information about the server software from the "banner" information it sends on each connection.
  2. Service Identification I. Students will use multiple tools to identify services, including software package and version information, running on unknown systems.
  3. Introduction to Metasploit. Metasploit is commonly used by network managers to discover vulnerabilities in a wide variety of software applications, as well as by attackers to exploit those same vulnerabilities.
  4. Web Application Security Analysis using OWASP-ZAP. This lab introduces the OWASP-ZAP security tool and allows students to practice discovering and analyzing vulnerabilities, such as SQL injection and cross-site scripting (XSS), in web applications and web sites.
  5. DoS Attacks and Defenses. This lab teaches three different Denial of Service attacks and techniques to mitigate them: (1) A TCP SYN Flood attack that exploits a weakness in the design of the TCP transport protocol, (2) A slow HTTP attack called Slowloris that takes advantage of how HTTP servers work, (3) A DNS amplification attack that exploits misconfigured DNS servers, of which there are plenty on the Internet.
  6. Intrusion Detection using Zeek (formerly Bro). Students will learn how to deploy, configure and customize a Zeek Network Intrusion Detection System (NIDS). They will customize Zeek to generate enterprise-specific logs and to send email notifications of events of interest. They will also create a simple Zeek plugin, using the Zeek scripting language, to detect and block brute-force SSH login attempts.
  7. Host IDS Setup with OSSEC. Students learn how to configure and run the widely-used, free OSSEC Host Intrusion Detection System (HIDS). During the exercise, students will learn how to check for rootkits using OSSEC, how to verify file integrity, how to set up passive and active responses, and more. Host intrusion detection is critical to maintaining a secure system, and is required by HIPAA and PCI regulations, both of which OSSEC can help you meet.
  8. Log Analysis with RSYSLOG. This lab teaches students to set up and configure a central RSYSLOG server that will receive and store logs from FreeBSD, Linux and Windows clients. Students will learn to configure log forwarding on the clients, and log rotation and filtering on the server. They will also learn to use Logwatch to analyze logs and fail2ban to automatically respond to suspicious activity found in the logs.
  9. Firewall Configuration with pfSense. Students will learn to secure and configure the widely used, open-source pfSense firewall. They will learn to create firewall rules, the order in which rules are applied, how pfSense aliases can be used to simplify the pfSense rule set, and how to secure pfSense itself. They will also learn to view statistics and logs collected by pfSense.
  10. Introductory File System Forensics. File systems store the vast majority of forensically-relevant information about cybercrimes. This lab will introduce you to the process of imaging and forensically analyzing disks, including finding artifacts such as deleted files.

Prerequisites

Prerequisites vary by lab, but are generally: familiarity with the Unix/Linux command line and basic networking concepts (TCP/IP, DNS, etc.).

Expected Duration

19 hours, self-paced. Pause and continue at any time.
19 CPEs awarded on successful completion.

Cost

$915 for 6 months of access.

Training Package

This course requires a payment for entry.

USD915.00
