This repository has been archived by the owner on Dec 3, 2021. It is now read-only.

Prototyping new Images for Security Content #261

Merged
merged 8 commits into from
Sep 19, 2019

@Mierdin Mierdin commented Sep 7, 2019

In this PR I'm introducing several new images and PoC lessons for some security content we're playing around with. A future pull request will complete the lessons' content, and promote this lesson to prod tier.

Images TODO

  • Finish wordpress image
  • Kali image
  • Plain webserver

Lessons TODO

  • Lesson 38 PoC - WP Scan (kali + wordpress)
  • Lesson 40 PoC - update web server with ordered list of IPs (utility + plain apache2 server)

Signed-off-by: Matt Oswalt <[email protected]>
@94halldah

The lessons appear to be what we discussed. For lesson 38, we need a Kali instance and a WordPress instance with reachability. We need to issue a wpscan from the Kali to retrieve the username and passwords. Likewise with lesson 39. The goal is to ensure that firewall filters are the same on both vSRXs. In the hackathon, the vSRXs will be in packet-mode but that fact is not germane to this lesson. Lesson 40 is correct as well. We need to programmatically update a web page with an ordered list of IPs. The IPs need to be in order for each octet but we are dealing with a single /24 subnet. What is described is correct. I may add hping3 to lesson 38 but that doesn't change the containers needed.

@Mierdin changed the title from "New Images and PoC Lessons for NXTWORK 2019 Hackathon" to "Prototyping new Images for Security Content" Sep 17, 2019
@Mierdin Mierdin marked this pull request as ready for review September 19, 2019 22:51

Mierdin commented Sep 19, 2019

There was a third lesson I wanted to prototype but I'm leaving that out for now.

I also wanted to add an http presentation to the wordpress image but wordpress seems to be actively hostile towards reverse proxies and I have little interest in bludgeoning through that right now. For the moment, having it in the background and accessible to the wpscan utility in kali sufficiently meets the requirements.

In the near future we'll revisit and figure out if we want to push forward and complete these lessons or remove them from the curriculum. Let's say we'll decide this by end of this November.

@Mierdin Mierdin merged commit b0bd002 into master Sep 19, 2019
@Mierdin Mierdin deleted the hackathon-lessons-poc branch September 19, 2019 22:54