Lab Scenario
Welcome to the Reconnaissance & Evasion phase of the Cyber Defense curriculum. In this lab, you assume the role of an external attacker situated in the WAN zone. Your organization has tightened security, blocking all direct access to the internal LAN.
Your Mission: Map the perimeter to find a weak point in the DMZ, then utilize SSH Tunneling to pivot through that host and access critical infrastructure (IAM Server) hidden deep within the LAN. Finally, switch to the Blue Team to detect these specific attacks.
🕒 Duration: 3-4 Hours
💻 Hypervisor: VirtualBox
🔧 Tools: Nmap, SSH, Snort
🔴 Red Team Objectives
- Scan DMZ for open ports (Nmap)
- Identify service versions (Banner Grabbing)
- Establish SSH Tunnel (Port Forwarding)
- Access LAN via Pivot (RDP)
🔵 Blue Team Objectives
- Analyze Firewall Logs for noise
- Configure Snort IDS on IAM Server
- Write Custom Snort Rules
- Detect Tunneling Activity
Network Topology
- 💻 Attacker (WAN): Kali Linux, Bridge / Home IP
- 🔥 Open-Source Firewall: Rules Engine, Allows: 80, 22 -> DMZ
- 🌐 DMZ Zone: 192.168.2.x, Target: Web Svr
- 🏢 LAN Zone (Blocked): 192.168.1.10, Target: IAM Svr