iCSI@NEISD Security Operations Center Classroom
VM download with walkthrough linked at the bottom of this post.
As I hope many know, I’m passionate about bringing hands-on experiences to cybersecurity classrooms, where students can engage with real-world challenges and learn by doing! Helping students prepare for the Security+ and finding ways to incorporate VM challenges/labs that align with both what employers want and the test objectives is an ongoing, super fun endeavor.
On websites like https://ctftime.org, students can find weekly CTF competitions, which are free to sign up for and compete in. This lab is designed to emulate a standard challenge design within these competition environments.
Lab Summary:
- Flask/Jinja2 web application target.
- Focus on XSS: The lab centers around exploiting Cross-Site Scripting (XSS) vulnerabilities.
- Source Code Provided: The lab includes the complete source code of the web application, encouraging participants to perform static analysis.
- Bot Interaction: Participants trigger a bot to visit a malicious URL and exfiltrate sensitive data, a common scenario in CTFs.

Download the VM and walkthrough here.