MDEC NxFORCE 6 Weeks Program Report

Cybersecurity has definitely become one of the most pressing issues, and digital threats are growing in tandem with the growing complexity of the digital landscape. Thus, it is imperative that our cybersecurity professionals and community be equipped with sufficient skills and knowledge.

As part of the benefits of a Premier Digital Tech Institution, MDEC has offered our students the opportunity to attend a 6-week training program, a collaboration with LE-Global Services (LGMS), to train and develop the next-gen cybersecurity professionals (NxForce), leveraging the Asia Cybersecurity Exchange (AsiaCyberX) platform. This is part of MDEC’s commitment to further building cybersecurity talent to address the current shortage in the industry.

The 6-week program comprises training, a certification exam and mentoring. Key benefits are:

  • Obtain an industry-recognized professional certification (i.e. ISACA)
  • Industry immersion via hands-on lab and mentorship with experienced cybersecurity professionals
  • Assistance with internship placements where applicable

After their final exam, 4SCSR students attended the first two cohorts:

  • Cohort 1 (2 July – 10 August): Mohd Fakrul Shazwan & Muhammad Amirul
  • Cohort 2 (6 August – 14 September): Ahmad Fazrin, Mior Muhammad Lutfi, Mohamad Fakhrulradhi, Mohammad Nor Syafhuan, Siti Nurlaila & Zaid.

Week 2 – System Admin (System Hardening)

As server admins, the students have to close every ‘door’ through which malicious users can enter. Server hardening does not fully protect a server, but it can mitigate the threats. The server chosen for this hands-on was Windows Server 2012 R2. The students had to harden the server according to the latest version of the CIS Benchmark (can be found in the attachment folder). This document provides a detailed guideline on how to configure the server securely. Usually, the configuration was done via the Registry (Figure 1) or the Group Policy (Figure 2).

The objective of this hands-on was to teach the students how to harden their server. Even though many automated tools can help to configure all these steps, human interaction is still needed to make sure the configuration is correct.

Figure 1: Windows Registry

Figure 2: Windows Group Policy Management Editor


Week 3 – Penetration Testing (Capture the Flag)

In this week, the students learn how to do host scanning by using Nmap and Nessus Home. Nmap is usually used to discover the hosts in a given network and the services running on them. All these tools were provided in Kali Linux. Figure 3 is an example of host scanning by using Nmap.

Figure 3: Nmap Host Scanning using -A Option

Next, the students learn how to do vulnerability scanning by using Nessus Home. Nessus Home, developed by Tenable Network Security, is one of the most famous proprietary vulnerability scanners in the world. It is free of charge for personal use but limited to only 16 IP addresses per scanner. The user is presented with a graphical and detailed result, as shown in Figure 4 and Figure 5.

Each entry in the vulnerability list can be clicked to see more details about that issue. Nessus Home tells the user how to solve the problem and gives references for further reading on the matter.

Figure 4: Nessus Home Vulnerability Scanning

Figure 5: Nessus Home – Host Vulnerabilities List

Figure 6: Nessus Home – Vulnerability Details

After completing the scanning and finding vulnerabilities that can be exploited, it is time for penetration testing. Metasploit is used to exploit the chosen host. The program team had set up a test server that could be exploited by the students. Metasploit is a framework for executing exploit/payload code against a remote target machine. The basic steps in using Metasploit to exploit a remote host include:

  • Choosing and configuring an exploit. More than 900 different exploits are listed in this framework for many operating systems.
  • Choosing and configuring a payload. This payload will be executed after a successful entry.
  • Executing the exploit.

As in a Capture the Flag exercise, the students had to exploit the targeted remote server and find the hidden flag. The figures below show Metasploit in action in penetrating the server.

Figure 7: Metasploit – Configuring the Exploit

Figure 8: Successful Penetration using Metasploit – Open a Shell Session

Figure 9: Flag Hidden in Remote Server


Week 4 – Security Operation

People who work in a Security Operations Center (SOC) have to focus on incidents and alerts that might cause harm to the company's assets. This last hands-on teaches the students how to defend against a malicious attacker by checking the Windows Server logs. The logs that can be referred to were the Event Viewer and the Firewall Logs. The figures below show the logs and their entries.

Figure 10: Unauthorised Shell Access from Outside in Event Viewer

Figure 11: Checking for Firewall Logs

Figure 12: Firewall Logs

Through these logs, the students can tell whether a malicious user is trying to penetrate the server or is just scanning heavily to find available vulnerabilities. If there are many packet drops from the same address within a specific period of time, it might be someone port scanning the server remotely. In addition, if there is unauthorised access in the Event Viewer, this means that someone has managed to compromise the server.
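The firewall-log check described above (many dropped packets from one address within a short period), as an added example that is not part of the original report or the training material. It assumes the Windows Firewall log layout with a `#Fields:` header; the function names, the 60-second window, the five-drop threshold and the sample lines are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

HEADER = ("#Fields: date time action protocol src-ip dst-ip src-port dst-port "
          "size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path")

def sample_log():
    """Constructed pfirewall.log-style lines (documentation IP ranges only)."""
    row = "2018-08-28 10:{:02d}:{:02d} DROP TCP {} 192.0.2.10 51000 {} 60 S 0 0 8192 - - - RECEIVE"
    lines = ["#Version: 1.5", HEADER, ""]
    # One source hitting eight different ports within eight seconds.
    for i, port in enumerate([21, 22, 23, 25, 80, 135, 139, 445]):
        lines.append(row.format(15, i, "203.0.113.7", port))
    # Another source with two drops twenty minutes apart (not scan-like).
    lines.append(row.format(5, 0, "198.51.100.20", 3389))
    lines.append(row.format(25, 0, "198.51.100.20", 3389))
    return lines

def parse(lines):
    """Yield (timestamp, record) pairs, naming columns from the #Fields header."""
    fields = []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#") and fields:
            rec = dict(zip(fields, line.split()))
            ts = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
            yield ts, rec

def suspected_scanners(lines, window_s=60, min_drops=5):
    """Return {src-ip: ports} for sources with >= min_drops DROPs inside one window."""
    recent = defaultdict(deque)   # src-ip -> (timestamp, dst-port) still in the window
    flagged = defaultdict(set)
    for ts, rec in sorted(parse(lines), key=lambda pair: pair[0]):
        # Only TCP/UDP drops carry a numeric destination port.
        if rec["action"] != "DROP" or rec["protocol"] not in ("TCP", "UDP"):
            continue
        window = recent[rec["src-ip"]]
        window.append((ts, rec["dst-port"]))
        while ts - window[0][0] > timedelta(seconds=window_s):
            window.popleft()      # forget drops older than the window
        if len(window) >= min_drops:
            flagged[rec["src-ip"]].update(port for _, port in window)
    return {ip: sorted(ports, key=int) for ip, ports in flagged.items()}

if __name__ == "__main__":
    for ip, ports in suspected_scanners(sample_log()).items():
        print(f"{ip}: drops to {len(ports)} ports in a short window -> {ports}")
```

A flagged address is a lead to correlate with the Event Viewer entries, not proof of compromise; the thresholds need tuning to the server's normal traffic.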

 


Every Week – Extra Activities/Training

Every week, each of several groups of students is assigned a mentor. The mentor can be a senior staff member from LGMS or an industry expert. The mentor's tasks were to share their job experience, help with career paths, answer questions about real-life problems in networks and cybersecurity, and provide additional knowledge on topics the students want to learn more about.

Next, many experts from various fields also gave the students talks or speeches. Every cohort has different topics. Some of the topics that were shared in Cohort 2 included:

  • Digital Forensic
  • Penetration Tester Career
  • Difference between Managed Security Service Providers (MSSP) and SOC
  • NACSA, a government agency in cybersecurity
  • IoT Security and Standard in Malaysia
  • Car Hacking

Finally, the main objective of this program is to obtain an industry-recognised professional certification by ISACA. The students are given a week (Week 5) to study and do online assessments. Of course, the students can start studying before Week 5 if they want. The students will be given certificates as below:

  • Online Assessment Completion
  • ISACA Cybersecurity Fundamentals Certificate (If the students pass the online exam)
  • NxForce Program Completion, Signed by LGMS’s CEO and MDEC

Report by Mohamad Fakhrulradhi