Welcome to the OffSec Cyber Range. This article aims to provide you with all the necessary information about the technical requirements, OffSec Cyber Range labs, instructions to connect to the VPN and more useful information to maximize your experience in the training environment and labs. We encourage you to read this article thoroughly to ensure that you have all the information you need to get the most out of the training labs.
- Minimum Technical Requirements
- The OffSec Cyber Range Labs
- Accessing the OffSec Cyber Labs in the Learning Library
- Connecting to the Labs
- Accessing mission objectives
- OffSec Cyber Range Dashboard
- Flags submission
- Rate and submit a feedback on a machine
Minimum required hardware for your host OS:
- CPU: 64-bit Dual Core (2.2 GHz per core)
- RAM: 8 GB (recommended)
- Minimum 60GB disk space
Minimum required software for your host OS:
- Operating system: Any operating system that supports virtualization
- Minimum 5mbps Download/ 1mbps Upload speeds
- Stable connection that does not drop
The OffSec Cyber Range is a simulated network infrastructure that allows learners to sharpen their skills and demonstrate technical competence. It is integrated in the Learn Enterprise subscription which is accessible in the OffSec Learning Library. The environment provides learners with the ability to work with a variety of machines and networks to develop their skills in cyber security.
Initially, OffSec Cyber Range offers a wide array of Attacking chains of machines that are dedicated to each learner which are set to be powered up on demand.
The Labs machines include a mix of Windows and Linux operating systems, allowing for a comprehensive learning experience across multiple platforms. It also includes multiple networks, providing students with the opportunity to work with different network configurations. Additionally, there are multiple Active Directory chains, allowing students to gain hands-on experience with this commonly used tool in the IT industry.
Embark on a journey through an extensive range of attack vectors, covering:
- Windows and Linux machines: Explore vulnerabilities and misconfigurations specific to both Windows and Linux operating systems. Gain insights into privilege escalation, lateral movement, and post-exploitation techniques on these platforms.
- Active Directory: Understand the importance of Active Directory (AD) in many corporate environments and learn how to exploit AD misconfigurations, weak authentication, and insecure permissions.
- Web application: Learn about common web application vulnerabilities, like cross-site scripting (XSS), SQL injection, and remote code execution, to effectively assess and secure web applications.
- Phishing attacks: Delve into social engineering techniques used to deceive individuals and trick them into revealing sensitive information or performing actions that compromise security.
- Supply chain attacks: Examine attacks that exploit vulnerabilities in the supply chain to compromise hardware, software, or services before they reach the end-users.
- CVE attacks: Study how attackers leverage known vulnerabilities (CVEs) in software and systems to gain unauthorized access or execute malicious code.
- XDay attacks: Explore targeted attacks, zero-day vulnerabilities, and sophisticated intrusion techniques employed by advanced persistent threats (APTs) and nation-state actors.
We welcome you to the next frontier of cybersecurity training with OffSec Cyber Range Defense! Our groundbreaking addition to the renowned Attack chains of machines offers an unmatched virtual experience, where your team becomes true cyber sentinels mastering both offense and defense.
Defense Labs complements Attack Labs, empowering your experts to effectively navigate real-world threats and elevate their digital forensics, incident handling, and advanced threat hunting skills.
From refining offensive tactics in Attack Labs to crafting unyielding defense strategies in Defense Labs, your team will face hyper-realistic simulations and emerge as a unified force, ready to defend your digital landscape with unwavering expertise.
The Defend chain of machines offered provides hands-on experience in defending against real-world cyber threats, covering critical areas, including:
- Active directory: Gain in-depth knowledge and practical skills to protect one of the most targeted assets in your network, ensuring its integrity and resilience against attacks.
- Phishing: Learn to identify, mitigate, and prevent phishing attempts, a prevalent social engineering tactic used to compromise organizations.
- Web: Develop the ability to secure web applications and services, safeguarding against web-based attacks and vulnerabilities that pose significant risks to your infrastructure.
To access OffSec Cyber Range, please go to the Labs section on the Library tab of your Learning Library account.
Your connection to the lab is to be done with Kali Linux using OpenVPN. We are unable to provide any VPN connectivity support if you choose to use another setup. It is also highly recommended that you download and use the Kali VMware image for the most streamlined experience. For more information, please visit here.
At the moment, universal VPN does not support OffSec Cyber Range. You will need to download the "OffSec Cyber Range VPN Connection File" to your Kali Linux machine from the "VPN" tab of your OffSec Learning Library control panel on the OffSec Cyber Range page. Use openvpn to initiate the VPN connection to the labs.
Once downloaded you will find an ovpn file that you will use to connect to the VPN.
When starting a lab machine, you will gain access to documentation that outlines your objectives.
If you need a second look at your objectives while working on the machine, simply click on the IP address in the machine list.
On your dashboard, you can:
- Search by lab machine name on the search bar.
- Filter by Operating system, difficulty and type
- Sort by machine name, points, difficulty, last action or by progress.
- Hover over the machine name to see the details of the machine such as: the machine name, the author of the machine, the release date of the machine and information if it includes a walkthrough.
- Start a machine.
- Revert a machine.
- Submit a flag.
- Provide feedback.
- Take notes.
- Access mission objectives.
- Rate a machine.
Flag values are dynamically generated when you start a machine and they are destroyed when the machine is stopped. That means that you should submit their values while the machine is still running. While we recognize that learners come with different experiences and this affects the time to exploit a machine, we also expect that to get the flag values any learner will need a minimum of 15 minutes working on a machine.
To rate a machine or share your feedback, simply click on the 'Rate difficulty' and 'Feedback' buttons located in the Menu.
For further guidance and details, please click here.