Lab Summary Top

Summaries of Labtainer Exercises

The following labs are packaged within the Labtainer distribution.  Many of these are derived from the SEED labs from Syracuse University. There is no separate download step required for any of the labs.  Whenever they are run the first time, the framework automatically downloads whatever is needed from the Docker Hub.  For summary purposes, labs are organized into the following categories:

Additional labs are available from other authors as IModules described here.

Labs are also organized into "Labpacks", as seen using the labpack command.  Instructors can create their own Labpacks as described in the Instructor Guide.

Software Vulnerabilities

  Software Vulnerabilities

 
Lab Description difficulty
overrun Introduction to memory references beyond boundaries of C data structures.. 1
bufoverflow An example program vulnerable to a stack buffer overflow, derived from a SEED lab. 3
buf64 A 64-bit version of the bufoverflow lab 3
printf Introduction to memory references made by printf, and the potential for exploitation. 1
formatstring Explore C library printf function vulnerabilities, derived from a SEED lab. 2
format64 A 64-bit version of the formatstring lab 2
retlibc  Exploit a program using a buffer overflow and return-to-libc, derived from a SEED lab. 3
metasploit Use metasploit on a Kali Linux system to attack a "metasploitable" host. 1
setuid-env Risks of the setuid feature, including environment variables, derived from a SEED lab. 2
ida2 Illustrate the lossy nature of code compilation and underscores the challenges of reverse engineering a compiled binary. 2
ghidra Reverse engineer a simple vulnerable service to discover and demonstrate some of its properties. 2
cgc   Explore over 200 vulnerable services from the DARPA Cyber Grand Challenge. 3
Networking Labs

Networking 

 
Lab Description difficulty
telnetlab The student uses telnet to access a remote computer, and employs the tcpdump tool to view plaintext passwords, and to observe how use of ssh mitigates that vulnerability.  1 
nmap-discovery The nmap utility is used to locate an ssh server on a network and to discover the port number being used by the service. 2
nmap-ssh The nmap utility is utilized in combination with the tshark network traffic analysis utility to demonstrate a security problem with an ssh server. 2
network-basics Basic networking including ARP, ping and an introduction to TCP/IP. 1
routing-basics A simple routing example with two LANs and an internet connection via NAT 2
dns An introduction to DNS fuctions and its protocol. 2
iptables The iptables utility is used to configure a “firewall” component to only forward selected application service traffic between a client and a server. 2
tcpip TCP/IP protocol vulnerabilities, including SYN flooding, RST attacks and session hijacking.  Derived from the SEED lab. 2
arp-spoof Use of ARP spoofing for Man-in-the-middle attacks. 2
local-dns DNS spoofing and cache poisoning on a local area network.  Derived from the SEED lab. 3
snort Use of snort for network intrusion detection 2
dmz-lab Set up a DMZ for an enterprise. 2
radius Use a Radius authentication service to authenticate network devices. 2
ldap Authenticate users of Linux servers using an LDAP service. 2
bird-bgp Explore the Gateway Border Protocol and configure a BGP router. 2
bird-ospf Explore the Open Shortest Path First router protocol and use it to create a spoofed website. 2
Also see crypto labs, e.g., ssh, vpn and ssl labs.  And Network Traffic Analysis  below.
Network Traffic Analysis

Network Traffic Analysis 

 
Lab Description difficulty
pcapanalysis The tshark network traffic analysis tool is used to identify and display a specific network packet containing a plaintext password. 2
wireshark-intro Introduction to the use of Wireshark analyze network traffic. 2
packet-introspection Use Wireshark for more advanced analysis of network traffic 3
pcap-lib Develop programs using the PCAP library to analyze an unknown packet capture. 3
netflow

Explore the NetFlow network traffic protocol and data record type using the CMU SiLK software suite.

 3
Also see the Industrial Control System traffic analysis labs
Crypto Labs

Crypto Labs 

 
Lab Description difficulty
macs-hash Exploration of cryptographic hashes and the potential for hash collisions. 2
onewayhash  Introduction to generating cryptographic hashes using the openssl utility. 1
pubkey

Explore public key certificates from a variety of web sites

 1
sshlab

Use of a public/private key pair to access a server via ssh.

 1
ssh-agent Use an SSH agent to manage your private key and avoid retyping your passphase 1
ssh-tunnel Use ssh tunnels to access remote computers. 1
ssl Use of SSL to authenticate both sides of a connection, includes creating and signing certificates using a CA. 2
symkeylab

 Exploration of symmetric key encryption modes.

 1
vpnlab

 Example use of OpenVPN to protect network traffic.

 2
vpnlab2  Similar to vpnlab, but with the use of a vpn gateway. 2
Web Security Labs

Web Security Labs 

 
Lab Description difficulty
webtrack Illustrates web tracking techniques and the role of ad servers, derived from a SEED lab. 1
xforge  Cross Site Request Forgery with a vulnerable web site, derived from a SEED lab. 2
xsite

 Cross site scripting attacks on a vulnerable web server, derived from a SEED lab.

 2
sql-inject  SQL injection attacks and countermeasures, derived from a SEED lab. 2
 Also see the ten OWASP framework-based web security labs distributed as Labtainers IModules.
System Security & Operations

System Security & Operations

 
Lab Description difficulty
acl Acess Control Lists (ACLs) on Linux 2
db-access Control sharing of information within an SQL database per an information security policy. 2
backups2 Using tar and dump/restore for file backups, including remote backups. 1
capabilities Use of Linux capabilites to limit program privileges. 2
sys-log System log basic usage and configuration on an Ubuntu system. 2
centos-log  System log basic usage and configuration on a CentOS system. 2
file-deletion Data recovery from deleted files within EXT2 and NTFS file systems. 2
file-integrity File integrity checking and intrusion detection with AIDE 2
pass-crack  Introduction to passwords and elementary cracking schemes. 2
denyhost Use of the denyhost utility to block brute force attacks on SSH 2
ossec Host-based IDS with OSSEC. 2
users Introduction to managing users and groups and file permissions. 1
nix-commands Introduction to Linux and shell commands. 1
Also see ldap, radius, snort and iptables in Networking.
Industrial Control System Security

Industrial Control System Security 

 
Lab Description difficulty
softplc Program a software-based programmable logic controller (PLC) 3
plc-forensics  Forensic analysis of a PLC session from a rouge client. 2
plc-forensics-adv Forensic analysis of a PLC session from a rouge client, including CIP & EtherNet/IP protocols. 4
plc Simulated example of a vulnerable Programmable Logic Controller system. 2
plc-app Application firewall and whitelisting to protect a PLC. 2
iptables-ics Use iptables to limit traffic destined for a PLC through a firewall. 2
grassmarlin Introduction to the GrassMarlin SCADA/ICS network discovery tool. 2
plc-traffic Use the GrassMarlin tool to view traffic you generate interacting with a PLC. 2
Also see the ssl; radius and ldap labs for authentication of devices and people.
Miscellaneous

Miscellaneous

Lab Description
cyberciege The CyberCIEGE video game.
gdblesson Introduce use of GDB to debug a simple C program.
gdb-cpp Expand on the use of GDB to debug a simple C++ program.
quantum Explores quantum algorithms: (1) teleportation; and, (2) Grover's algorithm.
parallel Explores parallel computing by compiling and running MPI programs.

 

This work was supported by NSF grant DUE-1438893. The views expressed in this material are those of the authors and do not reflect the official policy or position of the National Science Foundation, the Naval Postgraduate School, the Department of Defense, or the U.S. Government.