Share
## https://sploitus.com/exploit?id=3BAF28B1-BB65-579D-AB82-AD74E42E37DE
# Computer Security Labs

Hands-on security engineering labs covering offensive and defensive techniques across computer & network security, cryptography, and system exploitation.

## Skills & Tools

| Area | Tools | Concepts |
|------|-------|----------|
| **Exploitation** | Metasploit, Shellcode, GDB, Nmap | Penetration Testing, Vulnerability Assessment, Exploit Development |
| **Network Security** | Snort IDS, OpenVPN, Wireshark, tcpdump, Nping, Netcat | Intrusion Detection, Network Defense, Packet Analysis, Defense in Depth |
| **Cryptography** | AES (ECB/CBC/CFB/OFB), HMAC, SHA-family hashes, OpenSSL | Cryptographic Analysis, Protocol Security |
| **Access Control** | Linux ACLs, Unix permissions, Set-UID programs | Privilege Escalation, Least Privilege |
| **ICS/SCADA** | GrassMarlin, EtherNet/IP, CIP protocol analysis | Passive Reconnaissance, Network Topology Mapping |

## Labs

### 1. [Buffer Overflow Exploitation](./Labs/1_BufferOverflow/L1_BufferOverflow_Report.md)

- Exploited a stack-based buffer overflow in a Set-UID program to gain a root shell
- Crafted shellcode payloads, identified memory offsets with GDB, and used NOP sled techniques
- Tested countermeasures: **ASLR**, **StackGuard canaries**, and **non-executable stack (DEP/NX)**

### 2. [Access Control Lists](./Labs/2_AccessControlLists/L2_ACL_Report.md)

- Configured fine-grained file permissions using `setfacl`/`getfacl` beyond standard Unix `rwx`
- Set default directory ACLs for automatic permission inheritance
- Demonstrated a **Trojan Horse attack** exploiting overly permissive ACLs to exfiltrate data

### 3. [Metasploit Penetration Testing](./Labs/3_Metasploit/L3_Metasploit_Report.md)

- Enumerated 27 services with Nmap across a target system
- Exploited 8 vulnerabilities: backdoored daemons (VSFtpd, UnrealIRCd), command injection (Samba, PHP-CGI), unauthenticated access (Rlogin, Ingreslock), and misconfigured services (Distcc, PostgreSQL)
- Gained root shells on each exploited service

### 4. [Snort Intrusion Detection System](./Labs/4_SnortIDS/L4_Snort_Report.md)

- Wrote custom Snort rules for signature-based detection of reconnaissance scans and data exfiltration
- Tuned rules to reduce false positives and analyzed HTTPS blind spots
- Configured network-aware rules using NAT gateway addressing

### 5. [VPN Configuration & Traffic Analysis](./Labs/5_VPN/L5_VPN_Report.md)

- Built host-to-host and host-to-gateway VPN tunnels with OpenVPN
- Captured traffic with `tcpdump` to compare plaintext HTTP (visible credentials) vs. encrypted tunnel traffic (opaque UDP on port 1194)
- Verified network segmentation and access controls through tunnel topology

### 6. [Symmetric Key Encryption](./Labs/6_SymmetricKeyEncryption/L6_symkey_Report.md)

- Encrypted data under AES-128 in ECB, CBC, CFB, and OFB modes
- Demonstrated ECB's pattern-leaking weakness on bitmap images vs. semantic security of chaining modes
- Analyzed error propagation behavior and block-level corruption across modes

### 7. [MACs & Cryptographic Hashes](./Labs/7_MACs-CryptographicHashes/L7_macs-hash_Report.md)

- Generated SHA-1/224/256/384/512 digests and verified software integrity
- Demonstrated the avalanche effect, pre-image resistance scaling, and collision resistance via the birthday paradox
- Created HMACs and performed brute-force key recovery on weak key spaces

### 8. [Wireshark Packet Analysis](./Labs/8_Wireshark/L8_wireshark_Report.md)

- Analyzed PCAP captures to extract credentials from plaintext Telnet sessions
- Applied display filters (IP, MAC, protocol, port, content-based) and packet slicing for byte-level inspection
- Demonstrated why encrypted protocols like SSH are essential

### 9. [TCP/IP Attacks](./Labs/9_TCP-IP/L9_tcp-ip_Report.md)

- **SYN Flood**: overwhelmed backlog queue; observed SYN cookie mitigation
- **TCP RST**: terminated active sessions with crafted reset packets
- **Session Hijacking**: injected commands into live Telnet sessions via packet spoofing
- **Reverse Shell**: redirected server shell to attacker's listener through session injection

### 10. [GrassMarlin ICS/SCADA Analysis](./Labs/10_GrassMarlin/L10_grassmarlin_Report.md)

- Performed passive reconnaissance on industrial control system traffic
- Identified an Allen-Bradley PLC communicating over EtherNet/IP (port 44818) using CIP protocol
- Mapped network topology, analyzed traffic volumes, and characterized polling behavior, all without active scanning