This Assessment is part of a Career Path: Become a Penetration Tester
Cydefe’s Recon is a Cybrary CTF (Capture The Flag) Assessment intended for students of Beginner/Intermediate level. Cydefe’s Recon teaches port scanning, enumeration, and CTF (Capture The Flag) and is targeted toward pentesters. Upon successful completion of Cydefe’s Recon, the student will be able to perform port scanning to identify services, enumerate, and practice CTF exercises. Cydefe’s Recon takes 60 - 90 minutes to complete.
Skill/Ability Breakdown: In Cydefe’s Recon, students will learn about port scanning, which involves identifying services that could be exploited. Services that run on a server, whether it is a website, FTP, SSH, DNS, etc. Run on different ports, that use TCP or UDP. These ports relate directly to the attack surface that can be attacked and exploited. Different tools are used for port scanning, one of the most popular is NMAP, which is an open source tool that includes lots of features, like scripting. Port scanning is a key part of Pentesting, and builds to the Exploit stage of an attack.
In Cydefe’s Recon, students will learn about enumeration, which involves extracting information about the systems that can be used to exploit them. As said before, the services running on a server use different ports, with enumeration an attacker discovers possible attack vectors on the target host. These attack vectors could be then exploited. Discovering services, software versions, and additional information allows malicious actors to use existing exploits or to create their own. Enumeration is a key part of Pentesting, and builds to the Exploit stage of an attack.
In Cydefe’s Recon, students will learn about CTF (Capture the Flag), which involves the simulation of real-life scenarios involving different techniques to exploit vulnerabilities. These exercises are probably the most common training methods in pentesting, since it is the most reliable way to practice your pentesting skills without the risk of interrupting services that might be running on production environments. CTF is a key part of Pentesting, and builds to the Exploit stage of an attack.
These skills are important for job roles like Penetration Tester, Vulnerability Assessment Analyst, SOC Analyst, etc
In Cydefe’s Recon, students will download an iso image (challenge file) containing the vulnerable server. Students then will need to run this image in a virtualization software, such as VirtualBox and use any tools they want to analyze and detect vulnerabilities. The vulnerable server contains several intentional vulnerabilities for education purposes, and therefore should never be used in live environments.
Conclusion: Cydefe’s Recon is part of Penetration Tester career path. Completion of Cydefe’s Recon means that the student has demonstrated knowledge of port scanning, enumeration and CTF (Capture The Flag).
Click on the lab and start your path towards Penetration Testing and find those vulnerabilities.