Compromised (Linux) Server Lockdown: Hands-On Workshop (separate registration is required)

This hands-on Linux host-based workshop will be run completely on the Virginia Cyber Range (virginiacyberrange.org) cloud. In this intermediate-level Linux security workshop, participants will get a bot-infected Linux server to secure and a trusted audit server to scan/test from. This compromised server lab provides a set of exploratory guidelines but requires beginner to intermediate-level Linux command line/networking skills. The end goal is to discover and document the nature of the system infection, stabilize the systems, and then "mop up" the infected system (if possible) to achieve a functionally secure, yet untrusted, configuration.

Outcomes:

• Learn how to scan and detect abnormal network port bindings
• Learn how to clean up and secure an infected Linux network server using package managers
• Be able to ensure the system state is stable enough to begin data migration to a freshly provisioned system


Requirements: Must bring a wifi/HTML5-browser enabled laptop. Highly recommend bringing a power supply and power cord.