My overview of SANS Free Resources for the first #100daysofcyber

Terms frequently used as synonyms for SANS are: leading cybersecurity training provider, and the most sought-after and highly regarded certifications in the IT security field, be it cyber defense, cloud security, digital forensics, industrial control systems or offensive operations.

You will often hear that SANS training is expensive. Bear in mind that some of the training courses and related certifications SANS offers are aimed at corporations that can afford to send an employee, or part of their workforce, virtually or physically, to a specialized training as the company’s future experts. Here I will focus on resources that SANS publishes regularly and makes freely available to anyone who shows interest.

Do the free stuff first! Even if a company decides to send you on a training or you win a scholarship, it is wise to be prepared, so that you can ask instructors questions that are not already answered (and verified) on the Internet. Or, to reverse it: if you know that you will send employees on a SANS training, equip them in a timely manner with adequate prior knowledge so that the training with instructors can be fully utilized.

First things first, subscribe to the SANS newsletters and create a free account on the SANS Institute’s website. Just do it. You will periodically receive event reminders, news from the industry and information on relevant Slack or Discord channels, and joining the SANS Community grants access to resources sorted by focus area, webcasts, Tech Tuesday Workshops, Cyber42 Game Days and the Security Awareness Planning Toolkit, and you can test-drive more than 50 courses with free one-hour course previews.
To get started with SANS courses, you can immediately take SANS Cyber Aces Online, a free online course that covers three foundation areas of information security: Operating Systems, Networking and System Administration.


Next, let’s jump to the SANS blog post Top 5 Steps to Immerse Yourself into the Cybersecurity Field. Some of the Holiday Hack hands-on challenges mentioned there are also sorted by topic in a Google Sheets H2 matrix. Well, this should keep you occupied for a while.


Maybe you noticed that most SANS courses have three digits in their names, but how do they form a learning path that covers the skills wanted for a real-world job role? The full list of courses and certifications can be found here, sorted by focus area and training format, with the syllabus available. Use the Training Roadmap to see how individual courses lay out in learning paths.


To get a feel of what it is like to take a SANS course and eventually pass a certification exam, I will mention here:

  • Stereotype Breakers founder Masha Zvereva, who shares her ongoing SANS journey in vlogs available on YouTube, and recently had the opportunity to take the Foundations in Cybersecurity and SEC401 courses;
  • Andrew Roderos, an IT professional specializing in networking and security, who shared on his website how he passed GCIH, including detailed preparation, troubleshooting on exam day, and tips on how to achieve a high score when the time comes. Bravo Andrew!
  • The Women in CyberSecurity (WiCyS) blog post in which Dominique Serna, a WiCyS member and SANS GIAC scholarship recipient, talks about the scholarship and gives us insight into her progress and achievements so far.


Other than courses, there are SANS tools you’ll frequently hear about during your first year in the IT security field. There is a full list of SANS faculty tools, but do not let the sheer amount of information overwhelm you; start with DeepBlueCLI, a PowerShell module by Eric Conrad for threat hunting via Windows event logs, and oledump, a Python tool by Didier Stevens for analyzing malware in documents. These tools are well respected and used throughout the Community. To see them in action you could watch the video Free Analytical Tools you can use today…. For Free! from Black Hills Information Security and read Malware Analysis: Phishing Docs from HTB Reel by infosec practitioner 0xdf.


In December 2021, SANS published the blog post Top 10 Most Popular Free Resources created by SANS Faculty and team, be it the top 10 webcasts, blogs, open-source tools, Summit videos or whitepapers. Stay current.


Need an adequate virtual machine for work and practice? Check out Slingshot, an Ubuntu-based Linux distribution built for use in the SANS penetration testing class labs and beyond, available in Community and C2 Matrix editions. The SIFT Workstation, with over 200 pre-installed DFIR tools, will be interesting to future incident responders and digital forensic analysts.
Also on the hands-on subject, SANS CyberStart is cybersecurity training with hacking challenges and puzzles. Right now, there are 12 challenges available to play for free. But stay tuned and continue reading until the end; maybe you are eligible for more free training.

For the global cybersecurity community, during 2022 SANS offers a variety of free Solutions Forums and Virtual Summits, where you can register to attend, listen to industry professionals, level up your knowledge, hands-on skills and industry connections, and eventually submit your first presentation.


SANS Cyber Ranges like NetWars Tournaments and NetWars Continuous are, in most cases, self-contained paid cyber challenges, but there are occasions when they come complimentary with a course or even, as last year, free around some of the Virtual Summits if you register quickly enough. Thus, I will repeat the importance of joining the SANS Community in advance and registering for the newsletters.
There is an annual competition of the top-scoring NetWars Core players from the past two years called the Core NetWars Tournament of Champions. A recording of the NetWars Tournament of Champions 2021 is available on the SANS YouTube channel, and other than the competition for the best of the best and a live giveaway, it was filled with cybersecurity-related trivia. I made the trivia available externally as flipcards, but you can view them in other forms: quiz, matching, bingo, or print them.

Depending on whether you take part in an interest group, are a veteran, a high school or college student in the US, or other, you could be eligible for a scholarship, discounted tuition via a work-study program or even free training, so make sure you stay up to date with the available options and their schedules, and stay engaged in the Community.


Hopefully, you found some useful information for yourself or someone you know. Let me know.
Do your own #100daysofcyber. You do not have to have everything sorted out from the get-go, just start. Create a new folder, and start filling it.


Godspeed.


Opinions expressed here are solely my own; this post is not sponsored by SANS Institute.

LAB: Telephony Service, Port Security, DHCP pool

Description:

I created this lab with the goal of practicing establishing calls in Packet Tracer at the CCNA level. The lab has no strict requirements; use the provided free resource and practice what you studied to configure DHCP pools, telephony service, and port security.

Download the lab “20211220 VoIP, PortSec, DHCP” from MY GITHUB; it is the fourth one in the LAB LIST and, as previously, two .pkt files are associated with this lab: one with the suffix “empty”, which is the initial state with default configurations so you can try solving the lab yourself, and one with “finished” in its name, which is my solution to check out if you get stuck.

For in-between details not mentioned here or shown in the .pkt, choose for yourself. Additionally, use this topology to practice other networking concepts.

IMPORTANT: Install the latest version (at least version 8.0.1.0064) of PACKET TRACER to be able to open these .pkt files.

Let me know if you’d like to see a specific CCNA concept covered with a Packet Tracer lab from me. Have fun, gain skills and happy upcoming holidays!
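
As an added example that is not part of the lab files or of this post, here is a minimal configuration of the kind this lab practices: a router running Cisco Unified CME (telephony-service) that also serves as the DHCP server for a data and a voice VLAN, and a Catalyst access switch with a voice VLAN and port security on the phone ports. All hostnames, interface names, VLAN numbers, IP addresses and extension numbers below are assumptions chosen for illustration, not values taken from the .pkt files.

```cisco
! ---- Router R1 (assumed 2811 with CME; every value here is illustrative) ----
hostname R1
!
! Keep the gateway and server addresses out of the dynamic ranges
ip dhcp excluded-address 192.168.10.1 192.168.10.10
ip dhcp excluded-address 192.168.20.1 192.168.20.10
!
ip dhcp pool DATA
 network 192.168.10.0 255.255.255.0
 default-router 192.168.10.1
 dns-server 192.168.10.5
! 192.168.10.5 is an assumed DNS server on the data VLAN
!
ip dhcp pool VOICE
 network 192.168.20.0 255.255.255.0
 default-router 192.168.20.1
 option 150 ip 192.168.20.1
! option 150 tells the phones where to fetch their configuration (the CME router)
!
interface FastEthernet0/0
 no shutdown
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
!
telephony-service
 max-ephones 4
 max-dn 4
 ip source-address 192.168.20.1 port 2000
 auto assign 1 to 4
!
ephone-dn 1
 number 1001
!
ephone-dn 2
 number 1002
!
! ---- Switch SW1 (assumed 2960) ----
hostname SW1
!
vlan 10
 name DATA
vlan 20
 name VOICE
!
interface FastEthernet0/24
 description Trunk to R1 Fa0/0
 switchport mode trunk
!
interface range FastEthernet0/1 - 2
 description IP phone with a PC daisy-chained behind it
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 20
 spanning-tree portfast
 switchport port-security
 switchport port-security maximum 3
 switchport port-security mac-address sticky
 switchport port-security violation restrict
!
! maximum 3 leaves room for the PC (data VLAN) and the phone, whose MAC can be
! learned on both VLANs; "violation restrict" drops and counts offending frames
! without shutting the port down, so a violation is visible in the counters
! rather than silently taking the phone offline.
```

To verify, use show ip dhcp binding and show ephone on R1, and show port-security interface FastEthernet0/1 on SW1; the SecurityViolation counter is what you watch for when a port sees a MAC it was not expecting.
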

OTHER FREE RESOURCES:

More on configuring telephony service, voice VLAN, DHCP pools on a router, and port security to help you pass the Cisco CCNA 200-301 exam:

LAB: DHCP relay, DNS, SSH v2, NTP

Description:

I saw this topology online, made a CCNA-level lab out of it, and you can now download it from MY GITHUB to practice configuring DHCP relay, DNS, SSH v2 and NTP.

On the GitHub link you will find the lab by the name “20211201 DHCPrelay, NTP”; it is the third one in the LAB LIST, and two .pkt files are associated with this lab: one with the suffix “empty”, which is the initial state with default configurations so you can try solving the lab yourself, and one with “finished” in its name, which is my solution to check out if you get stuck.

For in-between details not mentioned here or shown in the .pkt, choose for yourself. Additionally, use this topology to practice other networking concepts.

IMPORTANT: Install the latest version (at the moment of writing, version 8.0.1.0064) of PACKET TRACER to be able to open these .pkt files.

Let me know if you’d like to see a specific CCNA concept covered with a Packet Tracer lab from me. Have fun, gain skills!
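
As an added example, not taken from the lab files or from this post, here is how the four features of this lab fit together on two routers: SSH version 2 as the only remote management protocol, the router as a DNS client, one router as the NTP reference for the lab, and DHCP relay on a LAN segment that has no local DHCP server. Hostnames, domain name, addresses and interface names are assumptions for illustration; the username and secret are placeholders to replace.

```cisco
! ---- R1: SSH v2 management, NTP reference, DNS client (all values illustrative) ----
hostname R1
ip domain-name lab.local
!
! SSH needs a hostname, a domain name and an RSA key pair; 2048 bits is the
! practical minimum today, since modern SSH clients reject 1024-bit host keys.
crypto key generate rsa modulus 2048
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
!
username admin privilege 15 secret REPLACE-WITH-A-STRONG-SECRET
!
line vty 0 4
 login local
 transport input ssh
 exec-timeout 10 0
!
! "transport input ssh" is what actually removes telnet; "ip ssh version 2"
! alone still leaves telnet open on the vty lines.
!
! NTP: R1 is the time reference for the lab (local master at stratum 3).
! In production point it at upstream servers with "ntp server <address>".
clock timezone UTC 0
ntp master 3
!
! DNS client: resolve names through the lab DNS server, assumed at 10.0.10.50
ip domain-lookup
ip name-server 10.0.10.50
!
! ---- R2: DHCP relay for a LAN without a local DHCP server ----
hostname R2
!
interface GigabitEthernet0/1
 description LAN 10.0.20.0/24; DHCP server lives on 10.0.10.50
 ip address 10.0.20.1 255.255.255.0
 ip helper-address 10.0.10.50
 no shutdown
!
! ip helper-address turns the clients' broadcast DHCPDISCOVER into a unicast
! toward 10.0.10.50 with giaddr set to 10.0.20.1, which is how the server
! knows to answer from its 10.0.20.0/24 pool. The server needs that pool and
! a route back to 10.0.20.0/24.
!
! NTP client on R2, synchronising to R1 (assumed reachable at 10.0.10.1)
ntp server 10.0.10.1
```

Check the result with show ip ssh (version 2.0 only), show ntp status and show ntp associations on R2, and, from a client on 10.0.20.0/24, a lease whose gateway is 10.0.20.1.
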

OTHER FREE RESOURCES:

More about NTP, SSH, DNS and DHCP Relay to help you pass the Cisco CCNA 200-301 exam, on:

  • Cisco.com ARTICLE “Configuring Secure Shell on Routers and Switches Running Cisco IOS”
  • Kevin Wallace’s YOUTUBE VIDEO “NTP, Easy as 1-2-3… Simplifying Network Time Protocol”
  • Jeremy’s IT Lab YOUTUBE VIDEO “Free CCNA | NTP | Day 37 Lab | CCNA 200-301 Complete Course”
  • Keith Barker’s YOUTUBE QUIZ “Network Time Protocol (NTP) Sept 2021 | Cisco CCNA 200-301 Quiz”
  • Keith Barker’s YOUTUBE QUIZ “DHCP and DNS July 2021 | Cisco CCNA 200-301”

THM: Nessus

Description:

TryHackMe made getting familiar with Nessus nice and easy with this free room with 5 tasks.

My impression is that the room authors’ sentences are clear and the explanations easy to follow; you won’t get much trouble with this room unless you don’t allocate enough system resources to install Nessus. Yes, you have to install Nessus on your own machine and use the OpenVPN configuration file provided with your THM account; neither the AttackBox nor a subscription will help you with that.

So, the installation will take some time… You will probably want to move on to something else in the meantime or sleep on it.

Read the instructions provided in the room; I will post here only the tasks that need answers, screenshots that lead to answers, and spoilers. These are tasks 3-5.

Not to ruin the party for those interested, the answers are hidden, so if you are interested, click on the question below and the answer will reveal itself. Let’s go!

TASK 3: Navigation and Scans

What is the name of the button which is used to launch a scan?
Answer: New Scan

What side menu option allows us to create custom templates?
Answer: Policies

What menu allows us to change plugin properties such as hiding them or changing their severity?
Answer: Plugin Rules

In the ‘Scan Templates’ section after clicking on ‘New Scan’, what scan allows us to see simply what hosts are alive?
Answer: Host Discovery

One of the most useful scan types, which is considered to be ‘suitable for any host’?
Answer: Basic Network Scan

What scan allows you to ‘Authenticate to hosts and enumerate missing updates’?
Answer: Credentialed Patch Audit

What scan is specifically used for scanning Web Applications?
Answer: Web Application Tests

Task 4: Scanning!

Create a new ‘Basic Network Scan’ targeting the deployed VM. What option can we set under ‘BASIC’ (on the left) to set a time for this scan to run? This can be very useful when network congestion is an issue.
Answer: Schedule

Under ‘DISCOVERY’ (on the left) set the ‘Scan Type’ to cover ports 1-65535. What is this type called?
Answer: Port scan (all ports)

What ‘Scan Type’ can we change to under ‘ADVANCED’ for lower bandwidth connection?
Answer: Scan low bandwidth links

After the scan completes, which ‘Vulnerability’ in the ‘Port scanners’ family can we view the details of to see the open ports on this host?
Answer: Nessus SYN scanner

What Apache HTTP Server Version is reported by Nessus?
Answer: 2.4.99

Task 5: Scanning a Web Application!

What is the plugin id of the plugin that determines the HTTP server type and version?
Answer: 10107

What authentication page is discovered by the scanner that transmits credentials in cleartext?
Answer: login.php

What is the file extension of the config backup?
Answer: .bak

Which directory contains example documents? (This will be in a php directory)
Answer: /external/phpids/0.6/docs/examples/

What vulnerability is this application susceptible to that is associated with X-Frame-Options?
Answer: Clickjacking

Other Free Resources:

BTLO Challenge: Log Analysis – Privilege Escalation

Description:

This is a retired Challenge from Blue Team Labs Online, categorized as Easy and CTF-like. You can try to solve it yourself after registering on the platform; like most of their Challenges, this one is also free.
Other than Challenges they also offer Investigations; most of these require a PRO subscription, but head over to the platform and check out the current state.

I found out about this platform from Gerald Auger, Ph.D., book author and chief content creator of Simply Cyber, an information security YouTube channel. Watching his live streams I once won a one-month PRO BTLO subscription, so if you are interested in this field and occasional InfoSec giveaways are your kind of giveaways, you don’t want to miss out on his content.

Task:

You are presented with a scenario description, reading material, and a log file from an attacked server.

Looking at the log file above, you have to answer questions about the event that took place. Not to spoil the Challenge: if you want to see the answers, click on the question below and the answer will be revealed:

1. What user (other than ‘root’) is present on the server?
   Answer: daniel

2. What script did the attacker try to download to the server?
   Answer: linux-exploit-suggester.sh

3. What packet analyzer tool did the attacker try to use?
   Answer: tcpdump

4. What file extension did the attacker use to bypass the file upload filter implemented by the developer?
   Answer: .phtml

5. Based on the commands run by the attacker before removing the php shell, what misconfiguration was exploited in the ‘python’ binary to gain root-level access? 1- Reverse Shell ; 2- File Upload ; 3- File Write ; 4- SUID ; 5- Library load
   Answer: 4

Other free resources:

LAB: EtherChannel L2, HSRP, OSPF

Description

There is a “CCNA and above” level lab on my GitHub to practice configuring EtherChannel, HSRP and OSPF.

On the GitHub link you will find the lab by the name “20211124 L2 EtherChannel, HSRP, OSPF”; it is the second one in the Lab list, and two .pkt files are associated with this lab: one with the suffix “empty”, which is the initial state with default configurations so you can try solving the lab yourself, and one with “finished” in its name, which is my solution to check out if you get stuck.

For in-between details not mentioned in the lab or shown in the .pkt, choose for yourself.
Additionally, use this topology to practice other networking concepts: HSRP interface tracking, use of ACLs, NATting, spanning-tree protocol standard and priority change, PAgP EtherChannel, port security, etc.

IMPORTANT: Install the latest version (at the moment of writing, version 8.0.1.0064) of Packet Tracer to be able to open these .pkt files.

Let me know if you’d like to see a specific CCNA concept covered with a Packet Tracer lab from me. Have fun, gain skills!
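
As an added example that is not part of the lab files or of this post, here is the shape of a configuration for the three features of this lab, plus the HSRP interface tracking listed above as extra practice: a Layer 2 LACP EtherChannel between two switches, two routers sharing one HSRP virtual gateway for the user VLAN, and OSPF area 0 on their uplinks. Every hostname, interface name, VLAN, address, priority and router ID is an assumption chosen for illustration, not a value from the .pkt files.

```cisco
! ---- SW1: Layer 2 LACP EtherChannel toward SW2 (all values illustrative) ----
hostname SW1
!
vlan 10
 name USERS
!
interface range GigabitEthernet0/1 - 2
 description Member links to SW2
 channel-group 1 mode active
!
! "mode active" is LACP (pair with active or passive on SW2); for PAgP use
! "desirable"/"auto" instead. The trunk setting goes on the Port-channel and
! is inherited by the member ports.
interface Port-channel1
 switchport mode trunk
!
! ---- R1: HSRP active gateway for VLAN 10 and OSPF toward the core ----
hostname R1
!
interface GigabitEthernet0/0
 description VLAN 10 LAN
 ip address 192.168.10.2 255.255.255.0
 standby version 2
 standby 10 ip 192.168.10.1
 standby 10 priority 110
 standby 10 preempt
 standby 10 track GigabitEthernet0/1 20
 no shutdown
!
! track: if uplink Gi0/1 goes down, R1's priority drops from 110 to 90 and R2
! (priority 100, preempt) takes over the virtual IP 192.168.10.1, so hosts
! keep a gateway that still has a path out. Without preempt on R2 the
! failover would not happen on a priority change alone.
!
interface GigabitEthernet0/1
 description Uplink to core
 ip address 10.0.0.1 255.255.255.252
 no shutdown
!
router ospf 1
 router-id 1.1.1.1
 network 192.168.10.0 0.0.0.255 area 0
 network 10.0.0.0 0.0.0.3 area 0
 passive-interface GigabitEthernet0/0
!
! ---- R2: HSRP standby gateway with the same virtual IP ----
hostname R2
!
interface GigabitEthernet0/0
 ip address 192.168.10.3 255.255.255.0
 standby version 2
 standby 10 ip 192.168.10.1
 standby 10 priority 100
 standby 10 preempt
 no shutdown
!
interface GigabitEthernet0/1
 ip address 10.0.0.5 255.255.255.252
 no shutdown
!
router ospf 1
 router-id 2.2.2.2
 network 192.168.10.0 0.0.0.255 area 0
 network 10.0.0.4 0.0.0.3 area 0
 passive-interface GigabitEthernet0/0
```

Verify with show etherchannel summary on the switches (Po1 flagged SU, members P) and show standby brief and show ip ospf neighbor on the routers; then shut R1's Gi0/1 and watch show standby brief on R2 flip to Active. The LAN interfaces are passive in OSPF so that hellos are not sent toward hosts. Beyond the CCNA scope of this lab, note that neither HSRP nor OSPF is authenticated in this configuration; in production, HSRP and OSPF authentication keep a rogue device on the segment from claiming the gateway role or injecting routes.
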

OTHER FREE RESOURCES

More about HSRP to help you pass the Cisco CCNA 200-301 exam, on:

  • Cisco.com article “How to Use the standby preempt and standby track Commands”
  • Keith Barker’s Youtube quiz “Edited HSRP Quiz Recording | Cisco CCNA 200-301”
  • Kevin Wallace’s Youtube video “Understanding (and Configuring) HSRP”
  • Robert Mayer’s Youtube video “HSRP Interface Tracking | Why Track Interfaces in HSRP?”

LAB: Inter-VLAN Routing using L3 Switch

Description

I saw this lab online, solved it, and you can download the completed lab or just the initial state to practice Inter-VLAN Routing using a Layer 3 switch for free from my GitHub.

On the GitHub link you will find the lab by the name “20211122_InterVLAN Routing”; it is the first one in the Lab list, and two .pkt files are associated with this lab: one with the suffix “empty”, which is the initial state with default configurations so you can try solving the lab yourself, and one with “finished” in its name, which is my solution to check out if you get stuck.

IMPORTANT: Download the latest version (at the moment of writing, version 8.0.1.0064) of Packet Tracer from HERE to be able to open the lab!

Let me know if you’d like to see a specific CCNA concept covered with a Packet Tracer lab from me. Have fun, gain skills!
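
As an added example that is not part of the lab files or of this post, here is a complete inter-VLAN routing configuration on a Layer 3 switch: IP routing enabled globally, one SVI per VLAN as that VLAN's gateway, access ports assigned to the VLANs, a routed uplink toward the edge router, and unused ports parked. The hostname, VLAN numbers, interface ranges and addresses are assumptions for illustration, not values from the .pkt files.

```cisco
! ---- L3 switch (assumed Catalyst 3560); every value here is illustrative ----
hostname L3SW
!
! SVIs only forward between VLANs once IP routing is enabled globally;
! without this line the SVIs come up but hosts in different VLANs cannot ping.
ip routing
!
vlan 10
 name SALES
vlan 20
 name HR
vlan 999
 name PARKING
!
! Access ports for hosts in each VLAN
interface range FastEthernet0/1 - 4
 switchport mode access
 switchport access vlan 10
!
interface range FastEthernet0/5 - 8
 switchport mode access
 switchport access vlan 20
!
! One SVI per VLAN; its address is the default gateway the hosts use
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
 no shutdown
!
interface Vlan20
 ip address 192.168.20.1 255.255.255.0
 no shutdown
!
! Routed (non-switchport) uplink toward the edge router, plus a default route
interface GigabitEthernet0/1
 no switchport
 ip address 10.0.0.2 255.255.255.252
 no shutdown
!
ip route 0.0.0.0 0.0.0.0 10.0.0.1
!
! Unused ports: shut down and moved to an unused VLAN, so a stray cable in an
! idle port does not land a device in a production VLAN
interface range FastEthernet0/9 - 24
 switchport mode access
 switchport access vlan 999
 shutdown
```

show ip route should list 192.168.10.0/24 and 192.168.20.0/24 as connected via Vlan10 and Vlan20 and the static default via 10.0.0.1; a ping from a host in VLAN 10 to a host in VLAN 20 then succeeds through the switch without any external router.
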

 

Proof of Concept:

Other Free Resources

More about Inter-VLAN Routing using L3 switch to help you pass the Cisco CCNA 200-301 exam, on:

  • Cisco Press sample chapter “Inter-VLAN Routing” from the book “Switching, Routing, and Wireless Essentials Companion Guide (CCNAv7)”
  • Keith Barker’s group of YouTube videos from the playlist “Packet Tracer Labs Cisco CCNA 200-301” with provided .pkt lab and walkthrough
  • Wendell Odom’s article on Packet Tracer for CCNA Study (with sample lab)