CNIT 152: Incident Response

Projects for CCSF (Fall 2020)

Submitting Projects

CCSF students must do these things to get credit:

  • Perform the project steps until you find a flag
  • Capture a whole-desktop image showing the flag
  • Submit the image in the appropriate Project in Canvas
  • Type the flag into the text field


Defending Linux Servers

ED 200: Google Cloud Linux Server *  15
IR 201: Splunk & Suricata  45
IR 202: Metasploit & Drupalgeddon  30 + 55 extra
IR 308: osquery  15
*  See Alternate Cyber Ranges below

Defending Windows

H 221: Google Cloud Windows Server *  10
IR 301: Installing Splunk on a Windows Server  15
IR 330: Detecting Ransomware with Splunk and Sysmon  20
IR 303: Capturing a RAM from a Process  15 extra
IR 304: VirusTotal & Wireshark  15 + 20 extra
IR 305: PacketTotal  15 + 30 extra
IR 306: Yara  10 + 30 extra
IR 307: Prefetch Forensics  15
IR 340: GRR Rapid Response (not recommended)  25 extra
IR 350: Zeek Interactive Tutorial  15 + 44 extra
IR 351: Installing and Using Zeek  25
*  See Alternate Cyber Ranges below

Cloud Computing (Extra Credit)

IR 410: Azure Fundamentals  30 or more extra
IR 420: AWS Fundamentals  30 or more extra
IR 450: GitHub  10 extra
IR 451: Exploiting GitHub Commits  45 extra

ATT&CK Matrix

ATT 1 - 7 are quizzes in Canvas

Reference: ATT&CK Matrix v7 for Enterprise
ATT 100: Caldera  25+ extra
ATT 101: Caldera Operation  15 extra

Splunk Boss of the SOC (Extra Credit)

BOTSv1: Threat Hunting with Splunk  325 extra

Binary (Extra Credit)

H 101 - 107: Binary Games  50 extra

Command Line (Extra Credit)

Don't submit these projects in Canvas; use the scoring system below

Enter Flags · Scoreboard

LJ: Linux Journey  83 extra
B: Bandit Challenges  69 extra
U-Cen and U-Cyb: PowerShell  75 extra

Networking (Extra Credit)

H 410: Nmap  40 extra
H 420: Wireshark  110 extra
H 430: Scapy  20 extra

Alternate Cyber Ranges (Extra Credit)

Sam

Cyber Range Planning
H 202: Kali Virtual Machine  15 extra
H 220: Windows Virtual Machine  15 extra
H 240: WireGuard VPN  15 extra
ED 290: Desktop on a Cloud Linux Server  10 extra

Posted 8-5-2020
Project submission instructions updated 8-26-2020
IR 303 changed to extra credit 8-29-2020
Scoring system for Command Line projects added 9-7-2020
ATT 3-6 restored; IR 410 added 10-12-20
IR 340 deprecated 10-26-20
ATT 1-7 note added 10-31-20
ATT 100 and 101 restored 11-7-20
IR 420 added 11-10-20
IR 450 added 11-17-20
IR 451 added 11-18-20
Binary game point total increased 12-3-30