At RangeForce, we focus on both expanding our training coverage and keeping our training up to date. Closing in on 100 training modules across three tracks, security operations, DevOps, and Web Application Security (WASE), we release between 15-20 new modules monthly! To keep everyone up to date on what we are releasing, we will post a bi-monthly blog entry describing each new training. This week – we have four new training modules to share with the RangeForce community!
Some administrators think that it is a good idea to add regular users who are not in the sudo group to the docker/lxd group so they can run Docker/LXD commands. These labs demonstrate (quite terrifyingly) the risks that this behavior entails. Run a few simple commands and see how easy it is to escape a container and escalate to root privilege. These modules will provide hints if you get stuck.
Dirty COW (Dirty copy-on-write) CVE-2016-5195 is a vulnerability that affects all versions of the Linux kernel since version 2.6.22, released in 2007. Using code from a Proof of Concept for the exploit, you will have to compile, run the exploit, and stabilize the system to discover the flag. This module will provide hints if you get stuck.
You have an application called Fl4gPrint3r that will gladly give you the flag you need to complete the exercise. The only problem is that you have an old version of the software, and the new version requires a key. Take advantage of the application’s poor security and get the flag. No hints or hand-holding on this one! This lab will evaluate your skills with fiddler.
If you want to learn more about our training platform and modules, read more here, and we are happy to send you a full list of courses. Just email us at info@rangeforce.com
Follow us on LinkedIn so you will be alerted when our next training module blog is released!