Hacktivity Lab Sheets
Welcome to the Hacktivity SecGen lab sheets repository. This site contains hands-on cybersecurity lab exercises designed for educational purposes.
Available Labs
Cyber security landscape
Human Factors and Social Engineering: Phishing
Learn about human factors in cybersecurity through hands-on phishing simulation. Practice social engineering techniques, email spoofing, and creating malicious attachments to understand how attackers exploit human psychology.
Introduction to Cryptography: Encoding and Encryption
Learn essential cryptography concepts through hands-on practice with encoding schemes, hash algorithms, OpenSSL, and GPG. Master data encoding, symmetric and asymmetric encryption, and key management.
Documentation
Lab Sheet Highlighting Guide (AI Instructions)
A comprehensive guide for AI assistants on how to properly highlight lab sheets using the new highlighting system. This guide contains examples and instructions for converting plain text lab sheets into properly highlighted versions.
Introducing attacks
Introduction to Linux and Security
Learn Linux fundamentals and security tools, including command-line operations, file system navigation, SSH, and basic penetration testing with Kali Linux.
Malware and an Introduction to Metasploit and Payloads
Explore malware types and ethical hacking techniques using the Metasploit framework. Learn to create Trojan horses, evade anti-malware detection, and generate payloads in a controlled environment.
Vulnerabilities, Exploits, and Remote Access Payloads
Learn about software vulnerabilities, exploits, and payloads including bind shells, reverse shells, and Metasploit framework usage for penetration testing. This lab covers practical exploitation techniques using real-world examples like Adobe Reader vulnerabilities and Distcc remote code execution.
Information Gathering: Scanning
Learn network scanning techniques including ping sweeps, port scanning, service identification, and OS detection using tools like Nmap and custom bash scripts. This lab covers reconnaissance and network mapping for penetration testing.
From Scanning to Exploitation
Learn hands-on scanning and exploitation techniques, including network scanning with Nmap, using Metasploit and Armitage for exploitation, and searching vulnerability databases to gain control of target systems.
Post-exploitation
Learn post-exploitation techniques including privilege escalation, information gathering, password hash collection, and advanced payloads like Meterpreter for maintaining access and pivoting through compromised systems.
Vulnerability Analysis
Learn vulnerability assessment techniques using industry-standard tools like Nmap NSE, Nessus, and Nikto to identify security weaknesses in target systems.
Feeling Blu Challenge - Web Security CTF
A comprehensive CTF challenge focusing on web security, penetration testing, and privilege escalation. Exploit vulnerabilities in a web server to gain access and achieve root access.
Software and malware analysis
Anti-Reverse-Engineering
Advanced anti-reverse-engineering techniques including anti-debugging, anti-disassembly, and code obfuscation methods used by malware to thwart analysis.
Malware Behaviour - Reverse Engineering and Analysis of the Coconut Malware Sample
Advanced malware analysis lab using Hackerbot to analyze the Coconut malware sample, including packer identification, network analysis, backdoor detection, and YARA rule creation.
Introduction to Dynamic and Static Analysis
Learn fundamental malware analysis techniques including static and dynamic analysis of binary executables, and reverse engineering.
Introduction to C Programming
Learn fundamental C programming concepts including data types, arrays, strings, conditionals, loops, functions, and pointers for malware analysis.
From C to Assembly Language
Learn C programming concepts including structs, memory management, bitwise operators, and assembly language for 32-bit x86 processors. Practice reverse engineering and low-level programming skills.
Recognising C Code Constructs in Assembly
Learn to recognize C code constructs in assembly language including branching, conditionals, loops, switch statements, arrays, strings, and structs for reverse engineering and malware analysis.
Ghidra Software Reverse Engineering (SRE)
Learn software reverse engineering using Ghidra, including ELF file structure, disassembly, decompilation, and CTF challenges for malware analysis.
Dynamic Analysis and Debugging
Learn dynamic malware analysis using GDB debugger, including breakpoints, memory examination, register analysis, and CTF challenges for runtime behavior analysis.
Debugging Continued
Advanced dynamic analysis using GDB debugger with 8 challenging CTF exercises covering XOR encryption, memory analysis, register examination, and advanced debugging techniques.
Malware Behaviour: Flag Hints
Advanced malware behavior analysis using dynamic reverse engineering techniques including process forking, network communication, library preloading, and binary unpacking.
Software security exploitation
Understanding Software Vulnerabilities: C, Debugging Assembly, and Buffer Overflows
Learn fundamental software vulnerability concepts through C programming, assembly debugging, and buffer overflow exploitation. Master GDB debugging, understand stack structure, and practice secure coding techniques.
Understanding Software Vulnerabilities: Injection Attacks, Race Conditions, and Format String Attacks
Learn advanced software vulnerability concepts including command injection, race conditions, and format string attacks. Master validation, sanitization, and secure coding practices through hands-on exercises.
Bug Hunting Using Fuzzing and Static Analysis
Learn advanced bug hunting techniques including fuzzing and static analysis to identify software vulnerabilities. This lab covers manual code auditing, fuzzing with Spike, Metasploit FTP fuzzing, and CTF challenges.
Exploit Development: MSF and Windows Stack-smashing Buffer Overflow
Learn advanced exploit development techniques including Windows stack-smashing buffer overflows, Metasploit module creation, and remote system compromise through hands-on exploitation of a vulnerable FTP server.
Exploit Development: Linux and Stack-smashing Buffer Overflows
Learn to identify and exploit buffer overflow vulnerabilities on Linux systems, including manual exploitation techniques and Metasploit exploit development. This lab covers CTF challenges with increasing complexity.
Linux bypassing NX bit with return-to-libc
Learn to bypass Non-Executable (NX) stack protection using return-to-libc attacks. Develop exploits that redirect program execution to functions within the Standard C Library (libc) without executing external code on the stack.
Bypassing Address Space Layout Randomisation (ASLR)
Learn how to bypass Address Space Layout Randomization (ASLR) through information leaks and brute-force attacks. Develop exploits using the Metasploit framework to overcome ASLR, PIE, and RelRO protections.
Linux Buffer Overflows and Advanced Format String Attacks
Learn advanced software security exploitation techniques including format string attacks and buffer overflow vulnerabilities on Linux systems.
Notes for Ch3_Format5
Notes for Ch3_Format5.
Systems security
Active Directory Setup Guide
Learn how to set up Active Directory Domain Services on Windows Server 2016, configure DNS, create users, and join Windows and Linux clients to an Active Directory domain.
LDAP Authentication Setup Guide
Learn how to set up centralised LDAP authentication between an OpenLDAP server and Linux clients using nslcd and PAM for enterprise identity management.
Network Authentication and Directory Services
Introduction to centralised authentication, directory services, and identity management using Active Directory and LDAP in enterprise environments.
Web security
Introducing Web Security: Web and Local Proxy Fundamentals
Learn web security fundamentals through hands-on exercises including HTTP client-server interactions, web server simulation with netcat, dynamic PHP pages, and security testing with OWASP ZAP proxy.
Web Security: Sessions and Cookies
Learn about web security sessions and cookies through hands-on exercises using DVWA, OWASP WebGoat, and Security Shepherd. Understand cookie mechanisms, session management, and security vulnerabilities.
Web Security: Cross-Site Scripting
Learn about Cross-Site Scripting (XSS) attacks through hands-on exercises using DVWA, WebGoat, and Security Shepherd. Understand reflected, stored, and DOM-based XSS vulnerabilities and their mitigation.
Web Security: SQL Injection
Learn about SQL injection attacks through hands-on exercises using DVWA, OWASP WebGoat, and Security Shepherd. Understand SQL injection vulnerabilities, blind SQL injection, and mitigation strategies.
Web Security: Advanced Injection
Learn about advanced injection attacks including OS command injection and automated SQL injection using sqlmap. Understand command injection vulnerabilities and automated penetration testing tools.
Cross-Site Request Forgery
Learn about Cross-Site Request Forgery (CSRF) attacks through hands-on exercises using DVWA, OWASP WebGoat and WebWolf, and Security Shepherd. Understand CSRF vulnerabilities, CORS limitations, and practical skills in executing and defending against such attacks.
Web Security: Additional Challenges
Complete additional web security challenges using the Security Shepherd platform, focusing on cryptographic storage vulnerabilities and unvalidated redirects.
Network Security: Labtainers Network Labs
Learn network security fundamentals through hands-on Labtainers exercises including packet analysis with Wireshark and Tshark, firewall configuration with iptables, and VPN implementation using OpenVPN.
About
These lab sheets are designed to provide practical, hands-on experience with various cybersecurity concepts and techniques.
These labs are written to be completed on VMs configured with practical hacking/security challenges.
Option 1: Hacktivity Cyber Security Labs (Recommended)
Visit Hacktivity Cyber Security Labs for a fully configured, cloud-based lab environment
- No setup required - labs are pre-configured and ready to use
- Access to virtual machines and all required tools
- Perfect for students and educators
Option 2: Manual Setup with SecGen
For advanced users who want to build their own lab environment:
- Use SecGen (Security Scenario Generator) to create vulnerable VMs
- Requires technical expertise in virtualization and security tools
Contributing
If you’d like to contribute new labs or improvements to existing ones, please see the repository’s contribution guidelines.