From c580ed71a3812e822e10788366ca45d4d436bd19 Mon Sep 17 00:00:00 2001
From: Garrett Heaton
Date: Wed, 19 Aug 2020 05:23:34 +0000
Subject: [PATCH] We HAVE to convert retain these as labs
---
 requirements/ABILITIES.json | 323 +----------------------------------
 requirements/KNOWLEDGE.json | 64 +++----
 requirements/SKILLS.json | 30 ++--
 3 files changed, 42 insertions(+), 375 deletions(-)
diff --git a/requirements/ABILITIES.json b/requirements/ABILITIES.json
index 994c848..572fab6 100644
--- a/requirements/ABILITIES.json
+++ b/requirements/ABILITIES.json
@@ -1093,9 +1093,7 @@
 {
 "_id": "A0356",
 "parent": [
- "A0355",
- "A0408",
- "A0419"
+ "A0355"
 ],
 "description": "Write an application/tool user guide",
 "topic": "Development Operations",
@@ -1105,7 +1103,8 @@
 "requirement_owner": "ACC A3/2/6KO",
 "comments": "",
 "training": [],
- "eval": []
+ "eval": [],
+ "updated_on": "2020-08-19"
 },
 {
 "_id": "A0358",
@@ -1124,10 +1123,7 @@
 },
 {
 "_id": "A0359",
- "parent": [
- "A0408",
- "A0419"
- ],
+ "parent": [],
 "description": "Utilize ticketing tool to structure team activities",
 "topic": "Development Operations",
 "requirement_src": [
@@ -1136,14 +1132,12 @@
 "requirement_owner": "ACC A3/2/6KO",
 "comments": "jira, gitlab",
 "training": [],
- "eval": []
+ "eval": [],
+ "updated_on": "2020-08-19"
 },
 {
 "_id": "A0360",
- "parent": [
- "A0408",
- "A0419"
- ],
+ "parent": [],
 "description": "Utilize knowledge management tool to document internal team knowledge and end user documentation",
 "topic": "Development Operations",
 "requirement_src": [
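Review bot: In the A0359 and A0360 hunks the `parent` array is emptied rather than re-pointed, so both records are detached from the requirement tree and will not be reached by anything that walks top-down from a task; the only ancestor candidate visible in this patch is `T0005`, which the deleted A0408/A0419 hung off. If these two abilities are meant to survive the lab conversion, give them a real parent, e.g. `"parent": ["T0005"]` (or whichever task owns the new labs), instead of `[]`. `updated_on` is also introduced here for the first time and only on touched records (A0358, two lines earlier, carries no such field), so any loader or schema must treat it as optional; a one-line mention of the field and its `YYYY-MM-DD` format wherever the record layout is documented would avoid guesswork.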
@@ -1152,307 +1146,8 @@
 "requirement_owner": "ACC A3/2/6KO",
 "comments": "confluence, wiki etc",
 "training": [],
- "eval": []
-},
-{
- "_id": "A0408",
- "description": "Given a 2-3 person team and customer requirements/assigned scenario, develop a tool.",
- "parent": [
- "T0005"
- ],
- "topic": "Tool Development",
- "requirement_src": [
- "ACC CCD CDD TTL"
- ],
- "requirement_owner": "ACC A3/2/6KO",
- "comments": "Difficulty level 1; Build a client on Windows and server on Linux to transfer files back and forth.; Build a Windows tool in C that receives data and writes to disk.; Build a Windows tool in C that will list running processes.",
- "training": [],
- "eval": []
-},
-{
- "_id": "A0410",
- "parent": [
- "A0408"
- ],
- "description": "Build a tool that writes an RC script to start a process at boot",
- "topic": "Tool Development",
- "requirement_src": [],
- "requirement_owner": "",
- "comments": "Difficulty level 1",
- "training": [],
- "eval": []
-},
-{
- "_id": "A0412",
- "parent": [
- "A0408"
- ],
- "description": "Build a Linux tool in C that receives data and writes to disk",
- "topic": "Linux",
- "requirement_src": [],
- "requirement_owner": "",
- "comments": "Difficulty level 1",
- "training": [],
- "eval": []
-},
-{
- "_id": "A0413",
- "parent": [
- "A0408"
- ],
- "description": "Write a binary patch to change assembly program functionality",
- "topic": "Tool Development",
- "requirement_src": [],
- "requirement_owner": "",
- "comments": "Difficulty level 2",
- "training": [],
- "eval": []
-},
-{
- "_id": "A0414",
- "parent": [
- "A0408"
- ],
- "description": "Build a Linux tool in Python to perform bulk encryption, decryption and export key to persistent location",
- "topic": "Linux",
- "requirement_src": [],
- "requirement_owner": "",
- "comments": "Difficulty level 3",
- "training": [],
- "eval": []
-},
-{
- "_id": "A0416",
- "parent": [
- "A0408"
- ],
- "description": "Build a Linux tool in C that will list running processes.",
- "topic": "Linux",
- "requirement_src": [],
- "requirement_owner": "",
- "comments": "Difficulty level 3",
- "training": [],
- "eval": []
-},
-{
- "_id": "A0417",
- "parent": [
- "A0408"
- ],
- "description": "Write a DLL that pops a message box with text (or other effect).",
- "topic": "Tool Development",
- "requirement_src": [],
- "requirement_owner": "",
- "comments": "Difficulty level 3",
- "training": [],
- "eval": []
-},
-{
- "_id": "A0419",
- "description": "Given a 2-3 person team and incomplete customer requirements/assigned scenario, develop a tool.",
- "parent": [
- "T0005"
- ],
- "topic": "Tool Development",
- "requirement_src": [
- "ACC CCD CDD TTL"
- ],
- "requirement_owner": "ACC A3/2/6KO",
- "comments": "Difficulty level 4",
- "training": [],
- "eval": []
-},
-{
- "_id": "A0420",
- "parent": [
- "A0419"
- ],
- "description": "Build a tool (choice of C or Python) that performs a DNS query without gethostbyname()",
- "topic": "Tool Development",
- "requirement_src": [
- "ACC CCD CDD TTL"
- ],
- "requirement_owner": "ACC A3/2/6KO",
- "comments": "Difficulty level 4",
- "training": [],
- "eval": []
-},
-{
- "_id": "A0421",
- "parent": [
- "A0419"
- ],
- "description": "Build a tool that recursively finds parses MP3 file headers to display ID3 tags",
- "topic": "Tool Development",
- "requirement_src": [],
- "requirement_owner": "",
- "comments": "Difficulty level 4",
- "training": [],
- "eval": []
-},
-{
- "_id": "A0422",
- "parent": [
- "A0419"
- ],
- "description": "Build a tool in Python that controls another process using standard in, standard out, and standard error ",
- "topic": "Tool Development",
- "requirement_src": [],
- "requirement_owner": "",
- "comments": "Difficulty Level 4",
- "training": [],
- "eval": []
-},
-{
- "_id": "A0423",
- "parent": [
- "A0419"
- ],
- "description": "Build a console application in C that executes commands as child processes and prints the output",
- "topic": "Tool Development",
- "requirement_src": [],
- "requirement_owner": "",
- "comments": "Difficulty level 2 - (list processes, directories, current user, /etc/shadow, config files, specific registry keys)",
- "training": [],
- "eval": []
-},
-{
- "_id": "A0424",
- "parent": [
- "A0419"
- ],
- "description": "Build a console application in C that makes an API call to retrieve information",
- "topic": "Tool Development",
- "requirement_src": [
- "ACC CCD CDD TTL"
- ],
- "requirement_owner": "ACC A3/2/6KO",
- "comments": "Difficulty Level 3 - (list processes, directories, current user, /etc/shadow, config files, specific registry keys)",
- "training": [],
- "eval": []
-},
-{
- "_id": "A0425",
- "parent": [
- "A0419"
- ],
- "description": "Build a console application in C that makes an API call to retrieve information, writes the data (ecrypted) to the disk",
- "topic": "Tool Development",
- "requirement_src": [],
- "requirement_owner": "",
- "comments": "Difficulty Level 4 - (list processes, directories, current user, /etc/shadow, config files, specific registry keys)",
- "training": [],
- "eval": []
-},
-{
- "_id": "A0426",
- "parent": [
- "A0419"
- ],
- "description": "Write a client-server application in python and C that serializes data and transfers over the network",
- "topic": "Tool Development",
- "requirement_src": [],
- "requirement_owner": "CYA ",
- "comments": "Difficulty Level 4 - instructor provided protocol definition",
- "training": [],
- "eval": []
-},
-{
- "_id": "A0427",
- "parent": [
- "A0419"
- ],
- "description": "Write a program in C that accepts connections and updates a global data structure with information and simultaneously allows the user to query the contents of the data structure",
- "topic": "Tool Development",
- "requirement_src": [],
- "requirement_owner": "",
- "comments": "Difficulty Level 4",
- "training": [],
- "eval": []
-},
-{
- "_id": "A0428",
- "description": "Given a 4-6 person team and incomplete customer requirements/assigned scenario, develop a tool.",
- "parent": [
- "T0005"
- ],
- "topic": "Linux",
- "requirement_src": [
- "ACC CCD CDD TTL"
- ],
- "requirement_owner": "ACC A3/2/6KO",
- "comments": "Difficulty level 5",
- "training": [],
- "eval": []
-},
-{
- "_id": "A0429",
- "parent": [
- "A0428"
- ],
- "description": "Build a Linux tool in C to spoof ARP for host to assume MITM",
- "topic": "Linux",
- "requirement_src": [
- "ACC CCD CDD TTL"
- ],
- "requirement_owner": "ACC A3/2/6KO",
- "comments": "Difficulty level 5",
- "training": [],
- "eval": []
-},
-{
- "_id": "A0430",
- "parent": [
- "A0428"
- ],
- "description": "Build a Windows tool to perform local system survey and write to disk",
- "topic": "Windows",
- "requirement_src": [],
- "requirement_owner": "",
- "comments": "Difficulty level 5",
- "training": [],
- "eval": []
-},
-{
- "_id": "A0432",
- "description": "Given a 4-6 person team and customer requirements/assigned scenario, develop a tool.",
- "parent": [
- "T0005"
- ],
- "topic": "Windows",
- "requirement_src": [
- "ACC CCD CDD TTL"
- ],
- "requirement_owner": "ACC A3/2/6KO",
- "comments": "RATs Windows and Linux that implement the following functionality: Execute user commands (e.g. ps, netstat, etc.) and returns output. Capture running processes by API and return output. Return the current user. (Windows) Pull registry keys specified by instructor (e.g. Run, RunOnce). (Linux) Pull the contents of /etc/shadow and /etc/issue. Return a file/directory listing using API. Upload and download a file from the system the RAT is on. Change the current working directory of the RAT (future user executed commands should inherit the current working directory). Add self to startup process (Persistence- students are told exactly where). Burn off - Delete persistence and exit process. Determine hosts on the collision domain (ARP sniffing). Implements a time-based call back (use standard TCP for C2). Create custom C2 protocol. Encrypt file (use instructor provided library). Receive call back domain/IP via command line arguments. Notes: Not expecting this to be an enterprise level tool. This will be proof of concept. Not looking for OPSEC, stealth or authentication of RATs or network traffic.",
- "training": [],
- "eval": []
-},
-{
- "_id": "A0433",
- "parent": [
- "A0432"
- ],
- "description": "Develop a Windows Remote Access Tool \u0026 a Linus Remote Access Tool",
- "topic": "Windows",
- "requirement_src": [],
- "requirement_owner": "",
- "comments": "RATs Windows and Linux that implement the following functionality: Execute user commands (e.g. ps, netstat, etc.) and returns output. Capture running processes by API and return output. Return the current user. (Windows) Pull registry keys specified by instructor (e.g. Run, RunOnce). (Linux) Pull the contents of /etc/shadow and /etc/issue. Return a file/directory listing using API. Upload and download a file from the system the RAT is on. Change the current working directory of the RAT (future user executed commands should inherit the current working directory). Add self to startup process (Persistence- students are told exactly where). Burn off - Delete persistence and exit process. Determine hosts on the collision domain (ARP sniffing). Implements a time-based call back (use standard TCP for C2). Create custom C2 protocol. Encrypt file (use instructor provided library). Receive call back domain/IP via command line arguments. Notes: Not expecting this to be an enterprise level tool. This will be proof of concept. Not looking for OPSEC, stealth or authentication of RATs or network traffic.",
- "training": [],
- "eval": []
-},
-{
- "_id": "A0434",
- "parent": [
- "A0432"
- ],
- "description": "Develop Remote Access Trojan Operator Interface",
- "topic": "Tool Development",
- "requirement_src": [],
- "requirement_owner": "",
- "comments": "Operator Interface: Handles all RATs call backs, tasking and operator inputs simultaneously. Allow one operator to task up to 5 RATs. Track active (within last 10 minutes) RATs. Must accept user input commands as defined by custom C2 protocol to task specific RATs. Tasks commands apply to one RAT at a time. Must be able to specify the RATs for tasking. Must print the response from the task to the screen when task is complete. Operator interface serves files for transfer over TCP Notes: Not expecting this to be an enterprise level tool. This will be proof of concept. Not looking for OPSEC, stealth or authentication of RATs or network traffic.",
- "training": [],
- "eval": []
+ "eval": [],
+ "updated_on": "2020-08-19"
 },
 {
 "_id": "A0444",
diff --git a/requirements/KNOWLEDGE.json b/requirements/KNOWLEDGE.json
index a5f4983..5bf4f97 100644
--- a/requirements/KNOWLEDGE.json
+++ b/requirements/KNOWLEDGE.json
@@ -3450,12 +3450,7 @@
 {
 "_id": "K0164",
 "description": "Understand Inter Process Communication (IPC) fundamentals",
- "parent": [
- "A0408",
- "A0419",
- "A0428",
- "A0432"
- ],
+ "parent": [],
 "topic": "OS",
 "requirement_src": [
 "ACC CCD CDD TTL"
@@ -3463,7 +3458,8 @@
 "requirement_owner": "ACC A3/2/6KO",
 "comments": "Both Windows and Linux",
 "training": [],
- "eval": []
+ "eval": [],
+ "updated_on": "2020-08-19"
 },
 {
 "_id": "K0165",
@@ -5362,10 +5358,7 @@
 {
 "_id": "K0268",
 "description": "Describe calling conventions used in Windows API (32it \u0026 64bit)",
- "parent": [
- "A0430",
- "A0433"
- ],
+ "parent": [],
 "topic": "Windows",
 "requirement_src": [
 "ACC CCD CDD TTL"
@@ -5373,15 +5366,13 @@
 "requirement_owner": "ACC A3/2/6KO",
 "comments": "Stdcall; cdecl; fastcall; thiscall",
 "training": [],
- "eval": []
+ "eval": [],
+ "updated_on": "2020-08-19"
 },
 {
 "_id": "K0273",
 "description": "Understand the different Windows APIs",
- "parent": [
- "A0430",
- "A0433"
- ],
+ "parent": [],
 "topic": "Windows",
 "requirement_src": [
 "ACC CCD CDD TTL"
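Review bot: Deleting A0408–A0434 in this hunk leaves any record elsewhere that still lists one of those IDs in its `parent` array pointing at nothing; the commit prunes the references it found in KNOWLEDGE.json and SKILLS.json, but nothing in the diffstat adds the lab definitions the subject line says these are being retained as, so the RAT, ARP-spoofing and DNS-client lab text is simply gone from the tree. Before merging, run a reference check across all requirement files — assuming each file is a top-level array as the `}, {` context suggests, `jq -r '.[].parent[]?' requirements/*.json | sort -u` lists every parent ID in use — and confirm none of A0408, A0410, A0412–A0414, A0416, A0417, A0419–A0430 or A0432–A0434 still appears. Land the lab file (or a `"lab"` pointer on the records that lost these parents) in the same change so the conversion is traceable rather than a silent deletion.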
@@ -5389,15 +5380,13 @@
 "requirement_owner": "ACC A3/2/6KO",
 "comments": "Describe the Nt API; Describe the Zw API, Describe the Rtl API; Describe the Ldr API",
 "training": [],
- "eval": []
+ "eval": [],
+ "updated_on": "2020-08-19"
 },
 {
 "_id": "K0278",
 "description": "Understand naming conventions and macro theory associated with Windows API",
- "parent": [
- "A0430",
- "A0433"
- ],
+ "parent": [],
 "topic": "Windows",
 "requirement_src": [
 "ACC CCD CDD TTL"
@@ -5405,7 +5394,8 @@
 "requirement_owner": "ACC A3/2/6KO",
 "comments": "LPCTSTR decoded...; Describe the date/time convention; Describe how using Unicode affects Windows API function calls and data types; Describe the Windows API macro theory; Describe the Windows naming; conventions; Describe Windows data types",
 "training": [],
- "eval": []
+ "eval": [],
+ "updated_on": "2020-08-19"
 },
 {
 "_id": "K0284",
@@ -5425,12 +5415,7 @@
 {
 "_id": "K0287",
 "description": "Understand the Linux configuration startup",
- "parent": [
- "A0412",
- "A0414",
- "A0416",
- "A0429"
- ],
+ "parent": [],
 "topic": "Linux",
 "requirement_src": [
 "ACC CCD CDD TTL"
@@ -5438,7 +5423,8 @@
 "requirement_owner": "ACC A3/2/6KO",
 "comments": "",
 "training": [],
- "eval": []
+ "eval": [],
+ "updated_on": "2020-08-19"
 },
 {
 "_id": "K0288",
@@ -5498,12 +5484,7 @@
 {
 "_id": "K0292",
 "description": "Understand process fundamentals in Linux",
- "parent": [
- "A0412",
- "A0414",
- "A0416",
- "A0429"
- ],
+ "parent": [],
 "topic": "Linux",
 "requirement_src": [
 "ACC CCD CDD TTL"
@@ -5511,7 +5492,8 @@
 "requirement_owner": "ACC A3/2/6KO",
 "comments": "",
 "training": [],
- "eval": []
+ "eval": [],
+ "updated_on": "2020-08-19"
 },
 {
 "_id": "K0293",
@@ -5558,12 +5540,7 @@
 {
 "_id": "K0296",
 "description": "Understand signal fundamentals in Linux",
- "parent": [
- "A0412",
- "A0414",
- "A0416",
- "A0429"
- ],
+ "parent": [],
 "topic": "Linux",
 "requirement_src": [
 "ACC CCD CDD TTL"
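Review bot: K0287, K0292 and K0296 each end up with `"parent": []` and an empty `"comments": ""`, so after this commit nothing in the record says why they are orphaned or which labs they were detached from, and their `requirement_src` of `ACC CCD CDD TTL` still implies they are a live requirement. Until a lab reference field exists, record the provenance in the free-text field these files already use, e.g. `"comments": "formerly under A0412/A0414/A0416/A0429; those abilities are being converted to labs"`, so an auditor can reconcile the curriculum against the source document. The same applies to K0278 earlier in this hunk, whose former parents were A0430/A0433.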
@@ -5571,7 +5548,8 @@
 "requirement_owner": "ACC A3/2/6KO",
 "comments": "",
 "training": [],
- "eval": []
+ "eval": [],
+ "updated_on": "2020-08-19"
 },
 {
 "_id": "K0297",
diff --git a/requirements/SKILLS.json b/requirements/SKILLS.json
index dab3231..b84771b 100644
--- a/requirements/SKILLS.json
+++ b/requirements/SKILLS.json
@@ -6303,9 +6303,7 @@
 "_id": "S0152",
 "description": "Perform Windows API error analysis",
 "parent": [
- "T0009",
- "A0408",
- "A0419"
+ "T0009"
 ],
 "topic": "C",
 "requirement_src": [
@@ -6314,15 +6312,14 @@
 "requirement_owner": "ACC A3/2/6KO",
 "comments": "GetLastError(), helpmsg",
 "training": [],
- "eval": []
+ "eval": [],
+ "updated_on": "2020-08-19"
 },
 {
 "_id": "S0153",
 "description": "Utilize Windows API File IO",
 "parent": [
- "T0009",
- "A0408",
- "A0419"
+ "T0009"
 ],
 "topic": "C",
 "requirement_src": [
@@ -6331,15 +6328,14 @@
 "requirement_owner": "ACC A3/2/6KO",
 "comments": "functions: CreateFile(), HANDLE, FindFirstFile(), FindFirstFileEx(), FindNextFile(), FindClose(), ReadFile(), WriteFiLE(), CloseHandle()",
 "training": [],
- "eval": []
+ "eval": [],
+ "updated_on": "2020-08-19"
 },
 {
 "_id": "S0154",
 "description": "Utilize MSDN Documents to find function details",
 "parent": [
- "T0009",
- "A0408",
- "A0419"
+ "T0009"
 ],
 "topic": "C",
 "requirement_src": [
@@ -6348,17 +6344,14 @@
 "requirement_owner": "ACC A3/2/6KO",
 "comments": "registry, Processes (CreateProcess(), Synchronization: WaitForSingleObject()), Threads (CreateThread(), CreateMutex()), Windows Sockets (WSAStartup), WSACleanup()...), Windows Services (StartServiceCtrlDispatcher()...)",
 "training": [],
- "eval": []
+ "eval": [],
+ "updated_on": "2020-08-19"
 },
 {
 "_id": "S0155",
 "description": "Utilize man pages to find function details and utilize function",
 "parent": [
- "T0009",
- "A0408",
- "A0419",
- "A0428",
- "A0432"
+ "T0009"
 ],
 "topic": "C",
 "requirement_src": [
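Review bot: The S0153 record that this hunk stamps with `updated_on` still carries a misspelled API name in its surviving `comments` line, `WriteFiLE()`, which anyone grepping these files for `WriteFile` will miss; since the record is being rewritten anyway, correct it to `WriteFile()` in the same change. The parent edits on S0152–S0154 are sound because each keeps `T0009`, so unlike the KNOWLEDGE.json records none of these is orphaned.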
@@ -6367,7 +6360,8 @@
 "requirement_owner": "ACC A3/2/6KO",
 "comments": "File IO, File and Directory Management, Date/Time Conventions, Signals, IPC, Sockets, Inline Functions, Buffered IO, Advanced IO, PIDS, Fork(), exec(), wait(), waidpid(), system(), setuid(), setgid(), setreuid(), setreguid(), setpgid(), getpriority(), setpriority(), nice()",
 "training": [],
- "eval": []
+ "eval": [],
+ "updated_on": "2020-08-19"
 },
 {
 "_id": "S0156",
-- GitLab
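Review bot: The S0155 record touched here keeps a `comments` list of libc calls that a student is expected to look up by name, and two of them do not exist: `waidpid()` should be `waitpid()` and `setreguid()` should be `setregid()` (the real/effective group-ID setter that pairs with `setreuid()`). Since the commit already rewrites this record to add `updated_on`, fix both names in the same change rather than leaving a `man` lookup that fails.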