July 11, 2024

This week, I had the incredible opportunity to participate in a Cyber Range training session hosted by Joe Mallen working with CyManII at the Downtown San Pedro 1 building. This hands-on experience was not only educational but also exhilarating, providing me with valuable insights into cybersecurity tools and simulated attack scenarios. Here’s a breakdown of the events and key learnings from the training.

Day 1: Tool Overview

Tools and Setup

On the first day, we were introduced to the primary tools we would be using:

• Zenoss: For monitoring the status of servers and services.
• Palo Alto Firewall: To monitor network traffic and identify suspicious activity.
• Splunk: For analyzing logs and triggered alerts.

Joe Mallen gave us a comprehensive overview of these tools, demonstrating how to use them effectively to detect and mitigate cyber threats. We also set up our workstations, configured PuTTy for SSH access to the servers, and familiarized ourselves with the network environment.

Key Commands and Techniques

We were taught several crucial commands and techniques, including:

• Netstat: To see current connections to a server.
• Cat and Grep: To search through logs for relevant IP addresses and login attempts.
• PuTTy Configuration: For SSH access to investigate servers directly.

The day ended with us setting up our tools and preparing for the simulated attack that would take place later in the week.

Joe also walked us through an example attack, demonstrating how a foreign IP gained access to a server via SSH brute force. We learned to block the IP and remove SSH access, recommending VPN use for external users instead.

Collaborative Efforts

We split our team into specific roles to ensure efficient handling of the tasks: