Dashboard
Log Analysis
0%
Scenarios Completed: 0/20
CVSS Scoring
0%
Exercises Completed: 0/15
CVE Analysis
0%
CVEs Analyzed: 0/15
Performance Stats
Total Questions Answered: 0
Correct Answers: 0
Accuracy Rate: 0%
Best Streak: 0
Recent Activity
No recent activity. Start practicing!
Log Analysis Practice
How to Complete This Exercise
- Click "New Scenario" to load a log sample
- Carefully examine the log entries displayed - look for IP addresses, timestamps, status codes, and patterns
- Select the type of security event you believe is occurring from the options provided
- Answer any follow-up questions that appear
- Click "Submit Analysis" to check your answer and see detailed feedback
Tip: Use the difficulty and log type filters to focus on specific areas you want to practice.
Difficulty:
Log Type:
Click "New Scenario" to begin analyzing logs...
CVSS Calculator Practice
How to Complete This Exercise
- Select your preferred CVSS Version (v3.1 or v4.0)
- Click "New Vulnerability" to load a vulnerability scenario
- Read the vulnerability description carefully
- For each metric, select the value that best matches the vulnerability based on the description
- Click "Calculate Score" to see your score and compare it to the correct answer
Tip: Use "Free Calculator" mode to practice scoring without a scenario, or to calculate CVSS scores for real vulnerabilities.
CVSS Version:
Mode:
Vulnerability Scenario
Click "New Vulnerability" to start a CVSS scoring exercise...
CVSS v3.1 Base Metrics
Exploitability Metrics
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Impact Metrics
Confidentiality (C):
Integrity (I):
Availability (A):
Your Score: – –
CVE Analysis Practice
How to Complete This Exercise
- Click "New CVE" to load a real-world vulnerability scenario
- Read the CVE description, noting the affected products, CVSS score, and vulnerability details
- Answer the questions about the vulnerability type, attack vector, and recommended mitigations
- Click "Submit Answers" to check your analysis and see the correct responses
Tip: Pay attention to keywords in the description like "remote code execution," "buffer overflow," or "SQL injection" to identify the vulnerability type.
Difficulty:
Category:
Click "New CVE" to start analyzing vulnerabilities...
Study Mode
How to Use Study Mode
- Select a topic tab above: Log Patterns, CVSS Guide, CVE Terminology, or Attack Types
- Review the reference cards - each contains examples and key indicators
- Study the example logs and patterns to recognize them in practice exercises
- Use this section as a reference while working through other modules
Tip: Review these materials before attempting the Timed Quiz to improve your scores.
Common Log Patterns
Brute Force Attack
Multiple failed login attempts from the same source IP in a short time period.
```
Mar 15 10:23:45 server sshd[1234]: Failed password for admin from 192.168.1.100
Mar 15 10:23:46 server sshd[1234]: Failed password for admin from 192.168.1.100
Mar 15 10:23:47 server sshd[1234]: Failed password for admin from 192.168.1.100
```
Key Indicators: Repeated failures, same username, rapid succession, same source IP
SQL Injection Attempt
HTTP requests containing SQL syntax in parameters or URI.
```
192.168.1.50 - - [15/Mar/2024:14:23:11] "GET /products?id=1'+OR+'1'='1 HTTP/1.1" 200
```
Key Indicators: SQL keywords (OR, UNION, SELECT), single quotes, comment sequences (--)
Port Scanning
Multiple connection attempts to different ports from the same source.
```
Mar 15 11:00:01 firewall DENY TCP 10.0.0.50:45123 -> 192.168.1.10:21
Mar 15 11:00:01 firewall DENY TCP 10.0.0.50:45124 -> 192.168.1.10:22
Mar 15 11:00:01 firewall DENY TCP 10.0.0.50:45125 -> 192.168.1.10:23
```
Key Indicators: Sequential ports, rapid timing, same source, many denied connections
Privilege Escalation
Attempts to gain elevated access using sudo or su commands.
```
Mar 15 15:30:22 server sudo: user1 : user NOT in sudoers ; TTY=pts/0 ; PWD=/home/user1 ; COMMAND=/bin/bash
```
Key Indicators: Sudoers violations, unauthorized su attempts, privilege change events
Data Exfiltration
Unusual outbound data transfers, especially to unknown destinations.
```
Mar 15 03:00:00 firewall ALLOW TCP 192.168.1.50:55123 -> 185.123.45.67:443 bytes=15728640
Mar 15 03:05:00 firewall ALLOW TCP 192.168.1.50:55124 -> 185.123.45.67:443 bytes=15728640
```
Key Indicators: Large data transfers, unusual hours, unknown external IPs, repeated transfers
Denial of Service (DoS)
Flood of requests from single or multiple sources causing service degradation.
```
Mar 15 12:00:00 webserver [error] server reached MaxRequestWorkers setting
Mar 15 12:00:01 webserver 10.0.0.100 "GET / HTTP/1.1" 503 Service Unavailable
```
Key Indicators: High request volume, 503 errors, resource exhaustion, same request patterns
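The brute-force and port-scan cards above describe the indicators in words; the following is an added example (not part of this training app) that turns two of them into detection logic run over constructed log lines in the same sshd and firewall formats. The thresholds, the placeholder year and the sample lines are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in the two formats shown on the reference cards (not real data).
SAMPLE_LOG = """\
Mar 15 10:23:45 server sshd[1234]: Failed password for admin from 192.168.1.100
Mar 15 10:23:46 server sshd[1234]: Failed password for admin from 192.168.1.100
Mar 15 10:23:47 server sshd[1234]: Failed password for admin from 192.168.1.100
Mar 15 10:45:00 server sshd[1300]: Failed password for bob from 10.0.0.7
Mar 15 11:00:01 firewall DENY TCP 10.0.0.50:45123 -> 192.168.1.10:21
Mar 15 11:00:01 firewall DENY TCP 10.0.0.50:45124 -> 192.168.1.10:22
Mar 15 11:00:01 firewall DENY TCP 10.0.0.50:45125 -> 192.168.1.10:23
Mar 15 11:30:00 firewall DENY TCP 10.0.0.60:51000 -> 192.168.1.10:22
"""
SSH_FAIL = re.compile(r"^(\w{3} +\d+ [\d:]+) \S+ sshd\[\d+\]: Failed password for (\S+) from (\S+)")
FW_DENY = re.compile(r"^(\w{3} +\d+ [\d:]+) \S+ DENY \w+ (\S+):\d+ -> \S+:(\d+)")

def _ts(text):
    # Syslog timestamps carry no year; a fixed placeholder year is assumed so arithmetic works.
    return datetime.strptime("2024 " + text, "%Y %b %d %H:%M:%S")

def detect_brute_force(lines, threshold=3, window_s=60):
    """Return (source_ip, username) pairs with >= threshold failures inside window_s seconds."""
    failures = defaultdict(list)
    for line in lines:
        m = SSH_FAIL.match(line)
        if m:
            failures[(m.group(3), m.group(2))].append(_ts(m.group(1)))
    hits = set()
    for key, times in failures.items():
        times.sort()  # sliding window over the sorted failure times
        for i in range(len(times) - threshold + 1):
            if (times[i + threshold - 1] - times[i]).total_seconds() <= window_s:
                hits.add(key)
                break
    return hits

def detect_port_scan(lines, min_ports=3, window_s=10):
    """Return source IPs denied on >= min_ports distinct destination ports inside window_s seconds."""
    denies = defaultdict(list)
    for line in lines:
        m = FW_DENY.match(line)
        if m:
            denies[m.group(2)].append((_ts(m.group(1)), int(m.group(3))))
    hits = set()
    for src, conns in denies.items():
        conns.sort()
        for i, (start, _) in enumerate(conns):
            ports = {p for t, p in conns[i:] if (t - start).total_seconds() <= window_s}
            if len(ports) >= min_ports:
                hits.add(src)
                break
    return hits
```

Raising `threshold` or `min_ports` and widening the window is how you trade false positives for sensitivity; the single failure for `bob` and the single deny from `10.0.0.60` stay below both thresholds.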
CVSS Scoring Guidelines
Attack Vector (AV)
| Value | Description |
|---|---|
| Network (N) | Exploitable remotely via network (e.g., internet) |
| Adjacent (A) | Requires same network segment (e.g., LAN, Bluetooth) |
| Local (L) | Requires local access to the system |
| Physical (P) | Requires physical access to the device |
Attack Complexity (AC)
| Value | Description |
|---|---|
| Low (L) | No special conditions required; attack is repeatable |
| High (H) | Requires specific conditions, timing, or preparation |
Privileges Required (PR)
| Value | Description |
|---|---|
| None (N) | No authentication or privileges needed |
| Low (L) | Basic user-level privileges required |
| High (H) | Administrative or significant privileges required |
User Interaction (UI)
| Value | Description |
|---|---|
| None (N) | Exploit works without any user action |
| Required (R) | User must perform some action (click link, open file) |
Scope (S)
| Value | Description |
|---|---|
| Unchanged (U) | Impact limited to vulnerable component only |
| Changed (C) | Impact extends beyond vulnerable component |
Impact Metrics (C/I/A)
| Value | Description |
|---|---|
| High (H) | Total loss of confidentiality/integrity/availability |
| Low (L) | Reduced confidentiality/integrity/availability |
| None (N) | No impact to this property |
Severity Rating Scale
| Score Range | Severity |
|---|---|
| 0.0 | None |
| 0.1 - 3.9 | Low |
| 4.0 - 6.9 | Medium |
| 7.0 - 8.9 | High |
| 9.0 - 10.0 | Critical |
CVE Terminology
CVE (Common Vulnerabilities and Exposures)
A standardized identifier for publicly known cybersecurity vulnerabilities. Format: CVE-YEAR-NUMBER
CWE (Common Weakness Enumeration)
A categorization system for software and hardware weaknesses. Examples: CWE-79 (XSS), CWE-89 (SQL Injection)
NVD (National Vulnerability Database)
US government repository of vulnerability data using CVE identifiers, including CVSS scores and references.
Zero-Day
A vulnerability that is exploited before the vendor is aware or has released a patch.
PoC (Proof of Concept)
Code or method demonstrating that a vulnerability can be exploited.
RCE (Remote Code Execution)
A vulnerability allowing an attacker to execute arbitrary code on a target system remotely.
LPE (Local Privilege Escalation)
A vulnerability allowing a user to gain elevated privileges on a system they already have access to.
EPSS (Exploit Prediction Scoring System)
A model that estimates the probability that a vulnerability will be exploited in the wild.
Common Attack Types
SQL Injection (SQLi)
Inserting malicious SQL code into application queries to access or manipulate database data.
Indicators: ' OR 1=1, UNION SELECT, --comment, encoded characters (%27)
Cross-Site Scripting (XSS)
Injecting malicious scripts into web pages viewed by other users.
Indicators: <script> tags, javascript: URIs, event handlers (onerror, onload)
Command Injection
Executing arbitrary system commands through vulnerable application inputs.
Indicators: ; | && characters, command names (cat, whoami, wget)
Path Traversal
Accessing files outside the intended directory using ../ sequences.
Indicators: ../../../, encoded dots (%2e), /etc/passwd, win.ini
Brute Force
Systematically trying all possible passwords or keys until finding the correct one.
Indicators: Multiple failed logins, dictionary words, sequential attempts
Credential Stuffing
Using leaked username/password pairs from other breaches to attempt logins.
Indicators: Failed logins for multiple usernames, varied passwords per user
DDoS (Distributed Denial of Service)
Overwhelming a target with traffic from multiple sources to cause service disruption.
Indicators: Traffic spikes, many source IPs, SYN floods, amplification patterns
Man-in-the-Middle (MITM)
Intercepting communication between two parties to eavesdrop or modify data.
Indicators: Certificate warnings, ARP anomalies, DNS redirects
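The indicator lists for SQL injection, XSS, command injection and path traversal above are signature material for web access logs. The following classifier is an added example (not code from this app) that percent-decodes each request target before matching, because the cards themselves note that indicators often arrive encoded (%27, %2e). The access-log lines are constructed in the format of the SQL injection card, and the signature regexes are assumptions built from the listed indicators.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines in the format used by the SQL injection card above (not real traffic).
SAMPLE_ACCESS_LOG = """\
192.168.1.50 - - [15/Mar/2024:14:23:11] "GET /products?id=1'+OR+'1'='1 HTTP/1.1" 200
192.168.1.51 - - [15/Mar/2024:14:24:02] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200
192.168.1.52 - - [15/Mar/2024:14:25:30] "GET /ping?host=127.0.0.1;whoami HTTP/1.1" 500
192.168.1.53 - - [15/Mar/2024:14:26:10] "GET /download?file=..%2f..%2f..%2fetc/passwd HTTP/1.1" 404
192.168.1.54 - - [15/Mar/2024:14:27:00] "GET /products?id=42 HTTP/1.1" 200
"""

REQUEST = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

# Signatures derived from the indicator lists above; matched against the decoded path+query.
SIGNATURES = {
    "sqli": re.compile(r"('\s*or\s*'?1'?\s*=\s*'?1|union\s+select|--|/\*)", re.I),
    "xss": re.compile(r"(<script|javascript:|on(error|load)\s*=)", re.I),
    "cmdi": re.compile(r"([;|&]\s*(cat|whoami|wget|curl|id)\b|&&)", re.I),
    "traversal": re.compile(r"(\.\./|\.\.\\|/etc/passwd|win\.ini)", re.I),
}

def decode(target):
    """Decode percent-encoding twice and form-encoded '+' so %2e%2e%2f or %27 become visible."""
    return unquote(unquote(target)).replace("+", " ")

def classify_line(line):
    """Return (source_ip, status, [matched attack types]) for one line, or None if it does not parse."""
    m = REQUEST.match(line)
    if not m:
        return None
    src, _ts, _method, target, status = m.groups()
    decoded = decode(target)
    labels = [name for name, pat in SIGNATURES.items() if pat.search(decoded)]
    return src, int(status), labels

def classify_log(text):
    """Classify every line and keep only requests that matched at least one signature."""
    results = []
    for line in text.splitlines():
        r = classify_line(line)
        if r and r[2]:
            results.append(r)
    return results
```

A request can legitimately match more than one signature (a command-injection payload that reads /etc/passwd also trips the traversal rule), so the classifier returns a list of labels rather than a single verdict.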
Timed Quiz Mode
How to Complete the Quiz
- Configure your quiz settings: number of questions, time limit, question types, and difficulty
- Click "Start Quiz" to begin - the timer starts immediately
- Read each question carefully and select your answer before time runs out
- Click "Next" to proceed to the next question (or it auto-advances when time expires)
- After the final question, view your results and click "Review Answers" to see detailed explanations
Tip: Start with longer time limits and fewer questions, then challenge yourself with harder settings as you improve.
Quiz Configuration
Number of Questions:
Time per Question:
Question Types:
Log Analysis, CVSS Scoring, CVE Analysis
Difficulty: