BEGINNER'S PATH

SKILLS ENVIRONMENT

PRACTICAL IN THE AREA OF CYBERSECURITY

The HackingDept Beginner's Path environment is dedicated to students of full-time and postgraduate studies in IT and cybersecurity. It enables the development of practical skills as part of laboratory and workshop classes. During the course, students will learn from scratch how to conduct network penetration tests and services served on Linux hosts.

The range of topics available is comparable to the knowledge required in recognized international, industry, and practical cybersecOSCP).

The HackingDept Beginner's Path environment is installed on the HackingDept BOX BP platform.

BEGINNER'S PATH ENVIRONMENT

The laboratory configured on the HackingDept BOX BP platform has over 2,500 virtual machines. Students can access 5 networks and 42 virtual machines with progressive difficulty levels. Since each virtual machine always contains two separate exercises (user and root) and sometimes a foothold, over 80 tasks are shared on all virtual machines.

The machines are connected in pairs, gaining access to the resources of one machine makes it possible to attempt to compromise the other. The environment has been divided into the "LEARN" part where the student learns new offensive security techniques and the "PRACTICE" part, where he independently verifies the acquired skills.

ISSUES DISCUSSED USING THE BEGINNER'S PATH ENVIRONMENT

web application security part 1, the most popular attack methods (command injection, web shell upload, client-side data manipulation, deobfuscation of obfuscated code, SQL Injection, Template Injection, XSS, WordPress security),

web application security part 2, authentication, and authorization (mechanisms, session management, cookie security, unauthorized access to resources),

security of Internet applications part 3, databases (SQL, NoSQL, directory services),

web application security part 4, client-side security (Same-Origin Policy, Cross-Origin Resource Sharing, Content Security Policy, security headers),

network pivoting (socks proxy, proxy chains, SSH tunnels, routing, ip tables, NAT),

Linux, local privilege escalation (automatic system misconfiguration detection, process privileges, real vs effective vs saved IDs, Set-UID or Set-GID attribute, attacking old kernel versions),

Windows, local privilege escalation (tools for automatic vulnerability detection, "Potatoes" exploits, examples of vulnerability detection and exploitation),

computer architecture in terms of security (RAM, virtual memory, executable files, processes, stack, heap, basic assembly language),

Binary exploitation - 32-bit (exploitation of 32-bit applications, buffer overflow, overwriting the return address, code reuse, shellcode, ret2libc), discussion of protection against exploitation and ways to bypass them (ASLR, PIE, NX/DEP, Stack Canary).

Binary exploitation - 64-bit (exploitation of 64-bit applications, practical use of the Return-Oriented Programming technique).

USING HACKINGDEPT BEGINNER'S PATH

The range of available topics available on HackingDept Beginner's Path has been planned for 2 semesters (8 teaching hours x 20 days of training).

In the proposed implementation of the HackingDept Beginner's Path environment, each student has the entire environment (HackingDept stack) at their own and exclusive disposal. Due to the configuration of the HackingDept BOX BP server, the minimum number of purchased licenses is 60.

Currently, laboratory and workshop classes end with solving tasks that test the student's practical skills by the University's requirements.