CNIT 152: Incident Response

Projects for CCSF (Fall 2020)

Submitting Projects

CCSF students must do these things to get credit:

  • Perform the project steps until you find a flag
  • Capture a whole-desktop image showing the flag
  • Submit the image in the appropriate Project in Canvas
  • Type the flag into the text field

       

Defending Linux Servers

ED 200: Google Cloud Linux Server *  15
IR 201: Splunk & Suricata  45
IR 202: Metasploit & Drupalgeddon  30 + 55 extra
IR 308: osquery  15
*  See Alternate Cyber Ranges below

Defending Windows

H 221: Google Cloud Windows Server *  10
IR 301: Installing Splunk on a Windows Server  15
IR 330: Detecting Ransomware with Splunk and Sysmon  20
IR 303: Capturing a RAM from a Process  15 extra
IR 304: VirusTotal & Wireshark  15 + 20 extra
IR 305: PacketTotal  15 + 30 extra
IR 306: Yara  10 + 30 extra
IR 307: Prefetch Forensics  15
IR 340: GRR Rapid Response  25
IR 350: Zeek Interactive Tutorial  15 + 44 extra
IR 351: Installing and Using Zeek  25
IR 410: Azure Fundamentals  30 or more extra
*  See Alternate Cyber Ranges below

ATT&CK Matrix

Reference: ATT&CK Matrix v7 for Enterprise
ATT 1: ATT&CK Tactics  10
ATT 2: ATT&CK Techniques for Tactics 1-3  10
ATT 3: ATT&CK Techniques for Tactics 4-6  10
ATT 4: ATT&CK Techniques for Tactics 7-9  10
ATT 5: ATT&CK Techniques for Tactics 10-12  10
ATT 6: ATT&CK Groups  10
ATT 7: ATT&CK Navigator  10
ATT 100: Caldera  25+
ATT 101: Caldera Operation  15

Splunk Boss of the SOC (Extra Credit)

BOTSv1: Threat Hunting with Splunk  325 extra

Binary (Extra Credit)

H 101 - 104: Binary Games  20 extra

Command Line (Extra Credit)

Don't submit these projects in Canvas; use the scoring system below

Enter Flags · Scoreboard

LJ: Linux Journey  83 extra
B: Bandit Challenges  69 extra
U-Cen and U-Cyb: PowerShell  75 extra

Networking (Extra Credit)

H 410: Nmap  40 extra
H 420: Wireshark  110 extra
H 430: Scapy  20 extra

Alternate Cyber Ranges (Extra Credit)

Sam

Cyber Range Planning
H 202: Kali Virtual Machine  15 extra
H 220: Windows Virtual Machine  15 extra
H 240: WireGuard VPN  15 extra
ED 290: Desktop on a Cloud Linux Server  10 extra

Posted 8-5-2020
Project submission instructions updated 8-26-2020
IR 303 changed to extra credit 8-29-2020
Scoring system for Command Line projects added 9-7-2020
ATT 3-6 restored; IR 410 added 10-12-20