Featured resource
pluralsight tech forecast
2025 Tech Forecast

Which technologies will dominate in 2025? And what skills do you need to keep up?

Check it out
Hamburger Icon
  • Labs icon Lab
  • Security
Google Cloud Platform icon
Labs

Hunting for Internal Reconnaissance

In this lab, you’ll practice detecting internal reconnaissance and network scanning on a Linux endpoint. You will begin by investigating suspicious user and system activity, including user enumeration, privilege escalation attempts, and suspicious processes. Then, you’ll extend your analysis to detect network scanning and lateral movement by examining open ports, network connections, and logs. When you’re finished, you’ll have hands-on experience identifying reconnaissance activities, detecting malicious network behavior, and reporting your findings to enhance system security.

Google Cloud Platform icon
Labs

Path Info

Level
Clock icon Beginner
Duration
Clock icon 45m
Published
Clock icon Nov 18, 2024

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.

Table of Contents

  1. Challenge

    Getting Started in the Lab Environment

    Here are the initial instructions and explanation of the lab environment. Read this while your environment is busy creating itself from nothing. Yes, this violates physics; we know. How fun!

  2. Challenge

    Investigating Suspicious User and System Activity

    To start the lab, you will explore how to detect signs of internal reconnaissance by examining suspicious user and system activity on a Linux endpoint. You will identify potential attempts to gather information about users, escalate privileges, or access sensitive files. Additionally, you will search logs for suspicious processes, login attempts, and hidden files that could indicate an attacker’s presence.

  3. Challenge

    Detecting Network Scanning and Lateral Movement

    Building on the previous challenge, you will detect signs of network scanning and lateral movement from a Linux endpoint. In this challenge, you will investigate network activity to detect scanning behavior, unauthorized connections, and attempts to explore the internal network. You will also check firewall logs, network interfaces, and temporary files for suspicious tools and connections that indicate an ongoing attack.

  4. Challenge

    The Last Challenge

    Welcome to the final challenge! This is your last chance to experiment in the environment. Clicking Finish Lab will end this little world that flittered into existence just for you.

Sean Wilkins is an accomplished networking consultant and writer for infoDispersion (www.infodispersion.com) who has been in the IT field for over 20 years working with several large enterprises.

What's a lab?

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Provided environment for hands-on practice

We will provide the credentials and environment necessary for you to practice right within your browser.

Guided walkthrough

Follow along with the author’s guided walkthrough and build something new in your provided environment!

Did you know?

On average, you retain 75% more of your learning if you get time for practice.