From: Hunt Evil Training training@huntevil.

com
Subject: Cyber Security Analyst - Assignment #1 - Basics
Date: 17 January 2019 at 12:31
To: undisclosed-recipients:;
Bcc: sirgerald93@gmail.com

Hello,

If your receiving this email it means I received a request from you for the free cybersecurity hands-on labs training course.

Currently there will be 10 assignments.

Cyber Security Analyst - Assignment #1 - Basics

Cyber Security Analyst - Assignment #2 - External Discovery
Cyber Security Analyst - Assignment #3 - Web Exploitation - DVWA
Cyber Security Analyst - Assignment #4 - Windows System Exploitation
Cyber Security Analyst - Assignment #5 - Document Exploitation
Cyber Security Analyst - Assignment #6 - Post Exploitation and Lateral Movement
Cyber Security Analyst - Assignment #7 - Incident Detection and Response
Cyber Security Analyst - Assignment #8 - Forensics
Cyber Security Analyst - Assignment #9 - Environment Hardening
Cyber Security Analyst - Assignment #10 - Validating Critical Security Controls

I am considering adding an Assignment to cover Threat Hunting - Making Threat Intelligence Actionable. Please let me know if
there is interest.

Below is the first assignment for the course. Please let me know if you have any questions.

Thanks,

Todd.

======

Welcome to the Cyber Security Analyst hands-on training course.

The goal of this course is to give participants hands-on experience so they have the skills necessary to
successfully perform one or all of the following responsibilities:

- Simulate threat actor activities

- Detect threat actor activities
- Respond to those activities
- Deploy security controls to detect those activities
- Deploy security controls to block those activities
- Automate testing to validate security controls are detecting and/or blocking those activities

The course involves many labs and one of the primary skills needs is command line experience. Scripting
skills is a plus and is necessary to automate.

The 'Basics' assignment is designed to ensure participants has command line skills.

Students will also need access to a testing environment to perform these tasks. Links to training
environment VMs are provided.

At any time participants can ask questions, use Google, contact mentors and/or myself. The goal is to gain
skills, not pass a test.

I am in the process of setting up a HuntEvil discussion board which should allow all participants to ask
questions and share knowledge.

This is not instructor led. Is it as your own pace so you have time to repeat each lab until you feel
comfortable with that skill. Again, I am available to answer any questions.

All training is online and performed on your computer systems and downloaded training environment VMs.

As soon as you are done with one assignment you can request the next one.

Please provide feedback on each assignment beyond the deliverables. I would like each assignment to
continually improve.

For those that complete all of the assignments I ask that you be willing to be available to recruit and mentor
For those that complete all of the assignments I ask that you be willing to be available to recruit and mentor
3 other participants to the free course. Pay it forward.

NOTE: Items marked as Extra Credit are optional items for students to earn industry certifications. These
can be skipped, worked on in parallel, or worked on after the virtual internship.

Command line experience (Windows/DOS)

SKILL: Run, understand, and be able to use common Windows command line commands daily.

NOTE: If you do not have a Windows environment available, you can download and install
DetectionLab with the link provided below.

Review and run the following commands until you feel comfortable using them.

- https://community.sophos.com/kb/en-us/13195
- https://www.ee.usyd.edu.au/tutorials_online/topics/itopics/dos-cmds.html

NOTE: the site hosting the DOS cmd tutorial was reported by one of the participants as currently offline. Please let me
know as soon as possible if there are any issues with links.

If the site above continues to have problems I will replace it with another tutorial.

For now, the information can be found here on the Wayback Machine.

https://web.archive.org/web/20170613175331/https://www.ee.usyd.edu.au/tutorials_online/topics/itopics/dos-cmds.html

DELIVERABLE: Provide a confirmation that you have reviewed the commands in the first two links and feel
comfortable on the Windows command line.

- EXTRA CREDIT - WINDOWS - Complete Microsoft Certified System Administrator (MSCA) - free
certificate - https://www.cybrary.it/course/mcsa/
- EXTRA CREDIT - WINDOWS - Complete Microsoft Enterprise Security Fundamentals Course - $99 for
certification - https://www.edx.org/course/fundamentals-of-enterprise-security

Command line experience (Linux)

NOTE: If you do not have a Linux/Unix environment available, you can download and install
DetectionLab and/or Kali/Virtualbox with one of the links provided below.

SKILL: Run, understand, and be able to use common Linux/Unix command line commands daily.

- Review and run the commands in the Learn Linux ebook - https://www.linuxtrainingacademy.com/wp-
content/uploads/2016/08/learn-linux-in-5-days.pdf

DELIVERABLE: Provide a confirmation that you have reviewed the commands in the Learn Linux in 5 days
link and feel comfortable on the Linux command line.

- EXTRA CREDIT - LINUX: Signup and complete linux course - Includes free CompTIA Linux Plus
certification - https://www.cybrary.it/course/comptia-linux-plus/

Networking experience (Cisco)

KNOWLEDGE: Review and understand the basic networking terminology in the basic networking course

- http://www.steves-internet-guide.com/basic-networking-course/

DELIVERABLE: Provide a confirmation that you have reviewed the commands and terminology in the basic
networking course above and feel comfortable with setting up and configuring network settings on Windows
and Linux systems.

- EXTRA CREDIT - NETWORKING : Signup and complete Microsoft networking fundamentals

- https://mva.microsoft.com/en-us/training-courses/networking-fundamentals-8249
- EXTRA CREDIT - NETWORKING : Signup and complete basic networking course - Includes free Cisco
Certified Network Associate certification - https://www.cybrary.it/course/cisco-ccna/

Splunk Experience
SKILL: Search and navigate in Splunk, use fields, get statistics from your data, create reports, dashboards,
lookups, and alerts.

Scenario-based examples and hands-on challenges will enable you to create robust searches, reports, and
charts.

- Review the video to learn how to search in Splunk (Splunk is setup and available in the DetectionLab VM
environment below): https://youtu.be/eVTTnf2wYZg
- Review the video to learn how to create alerts in Splunk: https://youtu.be/SuARLqm7_jc

NOTE: A fully functional and configured Splunk environment is included with DetectionLab with the
link provided below.

- EXTRA CREDIT - SPLUNK: Review additional videos on Splunk - https://www.learnsplunk.com/splunk-

training-videos.html
- EXTRA CREDIT - SPLUNK: Signup and complete the online course - includes free Splunk
Fundamentals 1 certification - https://www.splunk.com/en_us/training/free-courses/splunk-fundamentals-
1.html

DELIVERABLE: Provide a confirmation that you have reviewed the queries and terminology in the first 2
Splunk videos and feel comfortable working with Splunk.

Kali Experience

DELIVERABLE: No deliverable required.

- EXTRA CREDIT - KALI: Kali Linux Professional certification - https://kali.training/downloads/Kali-Linux-

Revealed-1st-edition.pdf

TRAINING LAB

Security Workstation Setup

- Download and Install VirtualBox - https://www.virtualbox.org/wiki/Downloads
- Download and Install Kali Linux Vbox 64 Bit [OVA] Image - https://www.offensive-security.com/kali-linux-
vm-vmware-virtualbox-hyperv-image-download/

DELIVERABLE: Provide a confirmation that you have successfully installed Kali in your training lab.

Damn Vulnerable Web Application (DVWA) Setup

- Download and install DVWA on a new VM
- https://www.computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson1/index.html

DELIVERABLE: Provide a confirmation that you have successfully installed DVWA in your training lab.

DetectionLab Setup

NOTE: Setting this up on MacOS is pretty straight forward. Some students have had challenges setting it
up on Windows systems.

- Download and install DetectionLab - https://github.com/clong/DetectionLab - Install instructions on Github

page

DELIVERABLE: Provide a confirmation that you have successfully installed Detection Lab in your training
lab.

RESUME NOTES

Below are suggestions for skills you could add to your resume after completing all the training in
Assignment #1 including the certifications.

I’d suggest you refresh your memory prior to an interview on the ones you add to your resume so you’re
ready for any interview questions based on your resume.
Microsoft Skills: Active Directory, DNS, Group Policy, Radius, DHCP, VPN, Web Proxy, DFS, Bitlocker,
EFS, Applocker, Hyper-V, VirtualBox

Splunk Skills: Splunk queries, statistics, create reports, create dashboards, create lookups, create alerts

Operating Systems: Kali, Debian, Windows Server 2003/2008/2012R2, Windows XP/7/10

Cisco Networking Skills: VLAN, Spanning Tree, ARP, IP Routing, RIP, EIGRP, OSPF, ACLs, NAT, CHAP,
IPv4, IPv6

Linux Skills: RPM, YUM, Git, Installing OS