CBROPS Labs

Lab Initial Set Up
"Learning Services Portal"

Instructor/Delegate Access

Lab in Use (Cisco restrict hours of access)

Lab Videos

TIPS:
I would definitely use the provided command text file provided by Cisco to copy and paste into fields as required

Lab 1: Use NSM Tools

READ the Lab Guide carefully Some parts like Internet access are not meant to be carried out in the lab.

When using SGUIL and selecting event IDs running Transcript be patient as it takes time to generate the output.

Towards the end of the lab I did not see as many entries as described in the lab for Elsa task 5 onwards.

Lab 2: Explore Cryptographic Tech

READ the Lab Guide carefully Some parts like Internet access are not meant to be carried out in the lab.

Lab 3: Explore TCP/IP Attacks

Lab 4: Explore Endpoint Security

Lab 5: Investigate Hacker Methodology

When using SGUIL and selecting event IDs running Transcript be patient as it takes time to generate the output.

Lab 6: Hunt Malicious Traffic

There lab works fine but there is a lot switches and searches that have to be inputted correctly.

Lab 7: Correlate Event Logs, PCAPs, and ALerts of an Attack

Lab 8: Investigate Browser-Based Attacks

Follow the lab guide carefully. It is easy in the lab to mistype or not read fully the lab. Some of the output will differ if this is the case.

Sometimes you also have to wait for entries to be added ie mysql in ELSA.

Lab 9: Analyse Suspicious DNS Activity

Be really careful on Task 2 Step 4, there is a note about a backtick used in the command and the quote marks., use backtick NOT Quote.

`=Backtick (UK keyboard top left)
'=Quote (UK Keyboard bottom right)

Task 2 Step 9 shows different chars of the hex code but it is the same content ie confidential as proved in Task 3.

Lab 10: Explore Security Data Analysis

READ the Lab Guide carefully Some parts like Internet access are not meant to be carried out in the lab.

Lab 11: Investigate Suspicious Activity using Security Onion

READ the Lab Guide carefully Some parts like Internet access are not meant to be carried out in the lab.

Lab 12: Investigate APTs

READ the Lab Guide carefully Some parts like Internet access are not meant to be carried out in the lab.

Lab 13: Explore SOC Playbooks

Lab 14: Explore Windows O/S

Lab 15: Explore Linux O/S

You open many terminal session in the lab, keep track of which one you require for testing, tip look at the prompt in the terminal window.

CBROPS Labs

CBROPS Labs

​​Lab Initial Set Up​"Learning Services Portal"

​Instructor/Delegate Access

Lab in Use (Cisco restrict hours of access)

Lab Videos

Lab 1: Use NSM Tools

Lab 2: Explore Cryptographic Tech

Lab 3: Explore TCP/IP Attacks

Lab 4: Explore Endpoint Security

Lab 5: Investigate Hacker Methodology

Lab 6: Hunt Malicious Traffic

Lab 7: Correlate Event Logs, PCAPs, and ALerts of an Attack

Lab 8: Investigate Browser-Based Attacks

Lab 9: Analyse Suspicious DNS Activity

Lab 10: Explore Security Data Analysis

Lab 11: Investigate Suspicious Activity using Security Onion

Lab 12: Investigate APTs

Lab 13: Explore SOC Playbooks

Lab 14: Explore Windows O/S

Lab 15: Explore Linux O/S

Lab Initial Set Up
"Learning Services Portal"

Instructor/Delegate Access