🧪 Labs & Demos

Educational, defensive security labs and sandboxed demonstrations. All labs are designed for learning and authorized testing only.

⚖️ Important: These labs are for educational purposes in authorized, controlled environments only. Unauthorized access to computer systems is illegal. Always obtain proper authorization before testing any systems.

Vulnerability Scanning with Nmap

Educational walkthrough of network reconnaissance using Nmap on a controlled test environment.

Tools:

Nmap, Zenmap GUI

Learning Outcome:

Understand network mapping, open ports, and service detection without causing harm.

⚠️ For authorized networks only

Quick Start:

Step 1: Set up a local test server.

Step 2: Run: nmap -sV localhost

Step 3: Interpret results.

OWASP Juice Shop - Secure Code Training

Safe, intentionally vulnerable web app to learn and practice security testing.

Tools:

OWASP Juice Shop, Burp Suite Community

Learning Outcome:

Practice SQL injection, XSS, and broken authentication in a sandboxed environment.

✅ Safe sandbox - no real systems harmed

Quick Start:

Download the Juice Shop Docker image, run it locally, and attack the app to learn defenses.

Incident Response Playbook Walk-Through

Simulated incident response scenario with decision trees and communication templates.

Tools:

Playbook PDF, Communication Templates

Learning Outcome:

Learn to respond to incidents systematically and communicate with stakeholders.

📋 Process-focused, no technical exploits

Quick Start:

Review the playbook template, simulate a breach scenario, practice your response steps.

Password Security Lab

Hash cracking demonstration showing why strong passwords matter.

Tools:

Hashcat (password hashing), Weak vs. Strong examples

Learning Outcome:

Understand hash functions, salting, and why password complexity is critical.

Educational - hashes only, no actual passwords cracked

Quick Start:

Learn about hash algorithms, then see a demo of weak passwords being cracked versus strong ones.

Secure Configuration Checklist

Step-by-step hardening guide for WordPress, servers, and common applications.

Tools:

Configuration Templates, Best Practices Guide

Learning Outcome:

Learn defensive security practices and how to harden your infrastructure.

✅ Defensive - no attacks, only defenses

Quick Start:

Review the checklist for your platform, implement configurations, verify security.

Phishing Email Analysis

Dissect real phishing samples (sanitized) to learn red flags and detection techniques.

Tools:

Email Headers, Analysis Tools

Learning Outcome:

Train teams to recognize phishing attempts and respond appropriately.

📧 Sample emails only - safe for training

Quick Start:

Review headers, analyze sender info, practice identifying suspicious emails.

Set Up Your Lab Environment

✅ Use a local virtual machine or Docker container for all labs

✅ Never run labs against live, unauthorized systems

✅ Always maintain backups before testing

✅ Document your findings and lessons learned

✅ Share results only with authorized stakeholders