
Workout Catalog

Level 1 Workouts

Level 1

Command and Control Botnet

Themes:

Introduction, Cybercrime Ethics

Standard Mapping:

NICE-PIR-CIR-001, Security+ Knowledge Area 1.2

Learning Objective:

To understand the vulnerability of cyber attack victims and the importance of developing protections against these types of attacks. It might be good to have a case study to emphasize the problem associated with this workout and motivate students to protect rather than attack.

Description:

Students will play both victim and attacker in operating a botnet. They will perform various functions in command and control.

Assessment:

This is a three-tiered assessment in which the objectives become progressively harder to meet.

Level 1: Implement the botnet

Level 2: Perform a victim screen capture

Level 3: Use the botnet to harvest browser credentials to log in and find a flag

Level 1

Reconnaissance with Shodan

Author:

Samuel Willis (sxwillis@ualr.edu)

Themes:

Network Security

Description:

The student will perform searches to identify network services around the world and local to their city and state using the Shodan service.

Learning Objective:

Understand the purpose and structure of network protocols and how they relate to real-world services.

Assessment:

Students must find a publicly available server from which they can produce the assessment flag.

Standard Mapping:

NICE-AN-EXP-001, Security+ Knowledge Area 2.2

Level 1

Phishing Attack

Author:

Andrew Bomberger (abbomberger@ualr.edu)

Themes:

Network Security, personal security awareness

Description:

Students will play both sides, attacker and victim, of an email phishing attack.

Learning Objective:

Understand how phishing attacks work, their common objectives, and how to spot fraudulent emails.

Assessment:

Students will look through the attacker commands to find the flag. Reporting the flag to the Cyber Arena completes this workout.

Standard Mapping:

NICE-OV-TEA-001, NICE-PIR-CIR-001, Security+ Knowledge Area 1.2

Level 1

Two-Step

Author:

Chance Melby (camelby@ualr.edu)

Themes:

Personal security awareness

Description:

Most students have not thought a lot about their personal online accounts and are unaware of the protections available. In this workout, students walk through the set up of a software one-time password and log in to a web server we provide.

Learning Objective:

To familiarize students with personal online account protection.

Assessment:

Successfully logging in to the web application using two-factor authentication will provide the flag necessary to complete the assessment.

Standard Mapping:

NICE-OM-ADM-001, Security+ Knowledge Area 4.1

Level 1

Mobile Phone Forensics

Author:

Rebecca Passmore

Themes:

Data security, digital forensics

Description:

Students are provided the forensic dump of a mobile phone. They must find specific artifacts to construct the story of what has occurred. The mobile phone image for this workout is provided through the FBI National Training Academy.

Learning Objective:

To understand basic digital forensics procedures and technology.

Assessment:

Students will search for specific artifacts in increasing order of difficulty.

Standard Mapping:

NICE-IN-FOR-001, Security+ Knowledge Area 5.5

Level 1

Reversus: Introduction to Vulnerability and Exploit Identification

Author:

Ryan Ronquillo (rfronquillo@ualr.edu)

Themes:

Software Security

Description:

Students learn how to reverse engineer an executable and exploit a vulnerability.

Learning Objective:

To understand the vulnerabilities computer programs can introduce and understand the need to develop secure software. Using an interactive disassembler, students will find how they can bypass authentication in the compiled binary of an executable program.

Assessment:

After making the necessary updates to bypass authentication, the code executes a completion script to notify the UA Little Rock Cyber Arena of their completion.

Standard Mapping:

NICE-AN-EXP-001, Security+ Knowledge Area 1.6

Level 2

Pay Up: An Introduction to Ransomware

Author:

Nicholas Stewart (nrstewart@ualr.edu)

Themes:

Personal security awareness, network security

Description:

Experience a simulated ransomware attack.

Learning Objective:

To understand the operation of one of the most common types of cyberattacks, the motivation of adversaries, and how to defend against ransomware attacks.

Assessment:

A student unlocking the files provides access to a flag that students can report to the Cyber Arena for completion of this workout.

Standard Mapping:

NICE-PIR-CIR-001, Security+ Knowledge Area 1.2

Level 2

Mission Permission: Linux

Author:

Andrew Bomberger (abbomberger@ualr.edu)

Themes:

Access control

Description:

For this workout, students will learn the basics of how to view and change file permissions on a Linux system.

Learning Objective:

Introduce the concept of access control on the operating system and show how it can help preserve the confidentiality and integrity of files on the system.

Assessment:

A script checks for correct permissions regularly on the system and automatically notifies the UA Little Rock Cyber Arena when the correct permissions are set.

Standard Mapping:

NICE-OM-ADM-001, Security+ Knowledge Area 4.4

Level 2

Recon with Wireshark

Author:

Chance Melby (camelby@ualr.edu)

Themes:

Network Defense

Description:

Students will perform network traffic analysis against a simulated attack environment.

Learning Objective:

Understand how to analyze network packets and understand the inherent insecurity of many network protocols.

Assessment:

Students look for credentials in the traffic capture to log into a secret website and identify the flag.

Standard Mapping:

NICE-PR-VAM-001, Security+ Knowledge Area 1.5 & 2.3

Level 2

Johnny Hash: Understanding Password Hashing and Authentication

Author:

Andrew Bomberger (abbomberger@ualr.edu)

Themes:

Cryptography

Description:

A fun website to learn how passwords are stored on a server.

Learning Objective:

Introduce students to secure hash algorithms and dictionary attacks on passwords.

Assessment:

Students will attempt to crack passwords and break into a website. The website provides the flag needed to report completion.

Standard Mapping:

NICE-PR-INF-001, Security+ Knowledge Area 6.1

Level 2

U-Nessus-ary Evil

Author:

Carter Williams (cawilliams6@ualr.edu)

Themes:

Software security and system security

Description:

Use a real-world Nessus scanner to scan for vulnerabilities on a system.

Learning Objective:

Learn the basics of how attackers find and exploit vulnerabilities.

Assessment:

Students search for an exploitable vulnerability on a target system and respond to an online assessment that notifies the Cyber Arena of completion.

Standard Mapping:

NICE-PR-VAM-001, Security+ Knowledge Area 1.4

Level 3

Hidden Target

Author:

Ryan Ronquillo (rfronquillo@ualr.edu)

Themes:

Network Attack

Description:

Use basic reconnaissance tactics to discover a designated target in the network.

Learning Objective:

Understand the role of reconnaissance as a precursor to a cyber-attack.

Assessment:

This workout has 3 levels of objectives with increasing difficulty:

Level 1: Identify all hosts on the same network segment

Level 2: Identify the hidden target

Level 3: Identify a hidden network service on the target

Standard Mapping:

NICE-PR-CDA-001, Security+ Knowledge Area 1.5 & 2.2

Level 3

Firewall: Extinguishing Network Attacks

Author:

Philip Huff (pdhuff@ualr.edu)

Themes:

Network defense

Description:

Stop an active cyber-attack using a next-generation firewall from Fortinet.

Learning Objective:

Introduction to firewalls and their role in protecting a network zone using access control lists.

Assessment:

The access control stopping the network attack will trigger completion of this workout automatically and notify the Cyber Arena.

Standard Mapping:

NICE-OM-NET-001, Security+ Knowledge Area 2.1 & 3.2

Level 3

Web Attacks: Here, can you run this for me?

Author:

Chance Melby (camelby@ualr.edu)

Themes:

Web security

Description:

Perform multiple types of cross-site scripting (XSS) attacks on a web server.

Learning Objective:

Understand one of the most common web application vulnerabilities, Cross-Site Scripting (XSS), and how to prevent it.

Assessment:

Successful performance of each type of XSS attack will trigger the completion of this workout automatically and notify the Cyber Arena.

Standard Mapping:

NICE-SP-DEV-001, Security+ Knowledge Area 1.6

Level 3

Caesar Cipher

Author:

Andrew Bomberger (abbomberger@ualr.edu)

Themes:

Cryptography

Description:

Explore the fun of basic cryptography algorithms.

Learning Objective:

Learn historic cryptographic algorithms as an introduction to symmetric key cryptography.

Assessment:

Each workout will receive a unique secret to crack, and the student will submit the cracked plaintext message to complete the workout.

Standard Mapping:

NICE-OV-MGT-002, Security+ Knowledge Area 6.1

Level 4

Experience a Denial of Service (DoS) Attack

Author:

Chance Melby (camelby@ualr.edu)

Themes:

Network Security

Description:

Perform a Denial of Service attack against a computer in your network and observe the impact on the computer as you try various techniques.

Learning Objective:

Understand the inherent insecurity of most network protocols, the ease with which an attacker can perform a DoS attack, and the impact a DoS attack has on a system.

Assessment:

A service runs on the victim computer, and an assessment script runs inside the student’s Cyber Arena. Once the assessment can no longer reach the victim’s service due to the DoS attack, then the workout automatically completes.

Standard Mapping:

NICE-PR-CIR-001, Security+ Knowledge Area 1.6

Level 4

Increase your Password Strength

Author:

Carter Williams (cawilliams6@ualr.edu)

Themes:

Access control and authentication

Description:

Manage the required password strength for a fictitious organization. Using group policy tools in Microsoft Active Directory, students will set password parameters to meet a given policy.

Learning Objective:

Students will understand various password parameters and how they encourage the use of strong passwords. Students will also receive exposure to current Windows domain management tools.

Assessment:

A script runs regularly to check the password policy. A sufficiently strong policy will trigger the successful completion of this workout.

Standard Mapping:

NICE-OM-ADM-001, Security+ Knowledge Area 4.4

Level 4

Role-Based Access Control

Author:

Chance Melby (camelby@ualr.edu)

Themes:

Access control

Description:

Walk through a fictitious organization and set up role-based access control to efficiently protect information on a system.

Learning Objective:

Understand the importance of identification and privileges in access control and how role-based access control makes the work easier for security operators.

Assessment:

Students will walk through a simulation of steps to grant and revoke access privileges for their fictitious organization. Then, they will set up role-based access control. Once the system is set up correctly, the assessment will automatically notify the Cyber Arena of completion.

Standard Mapping:

NICE-OM-ADM-001, Security+ Knowledge Area 4.3

Level 4

Reversus Part 2

Author:

Ryan Ronquillo (rfronquillo@ualr.edu)

Themes:

Software security

Description:

Return to Reversus for harder software reverse engineering workouts. In this workout, students attempt to break and reverse engineer the game to win.

Learning Objective:

Learn basic reverse engineering for the purpose of identifying exploits in software executables.

Assessment:

Successfully completing the game will release the script to automatically notify the Cyber Arena of completion.

Standard Mapping:

NICE-AN-EXP-001, Security+ Knowledge Area 1.6

Level 4

Public Key Cryptography: A Key Splitting Workout

Author:

Andrew Bomberger (abbomberger@ualr.edu)

Themes:

Cryptography

Description:

Experience the wonder of encrypting and decrypting with public-key cryptography. Students use the Cassandra tool to create and use keys in the same way most of today’s Internet data is protected.

Learning Objective:

Understand the concepts of public and private keys, and begin to understand the foundations of trust and assurance in relation to key management.

Assessment:

Students will decrypt a secret message and report to the Cyber Arena for completion of this workout.

Standard Mapping:

NICE-OV-MGT-002, Security+ Knowledge Area 6.2