The Docker Security Playground: A hands-on approach to the study of network security

Perrone, Gaetano; Romano, Simon Pietro

doi:10.1109/iptcomm.2017.8169747

Cited by 10 publications

(5 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In contrast to HTB, we proposed the Docker Security Playground (DSP) [13], a self-hosted cyber range. The local installation is possible because DSP reduces the hardware resource utilization by deploying vulnerable scenarios in lightweight containers.…”

Section: Related Workmentioning

confidence: 99%

ExploitWP2Docker: a Platform for Automating the Generation of Vulnerable WordPress Environments for Cyber Ranges

Caturano¹,

D’Ambrosio²,

Perrone³

et al. 2022

Preprint

View full text Add to dashboard Cite

A cyber range is a realistic simulation of an organization's network infrastructure, commonly used for cyber security training purposes. It provides a safe environment to assess competencies in both offensive and defensive techniques. An important step during the realization of a cyber range is the generation of vulnerable machines. This step is challenging and requires a laborious manual configuration. Several works aim to reduce this overhead, but the current state-of-the-art focuses on generating network services without considering the effort required to build vulnerable environments for web applications. A cyber range should represent a real system, and nowadays, almost all the companies develop their company site by using WordPress, a common Content Management System (CMS), which is also one of the most critical attackers' entry points. The presented work proposes an approach to automatically create and configure vulnerable WordPress applications by using the information presented in public exploits. Our platform automatically extracts information from the most well-known publicly available exploit database in order to generate and configure vulnerable environments. The container-based virtualization is used to generate lightweight and easily deployable infrastructures. A final evaluation highlights promising results regarding the possibility of automating the generation of vulnerable environments through our approach.

show abstract

Section: Related Workmentioning

confidence: 99%

ExploitWP2Docker: a Platform for Automating the Generation of Vulnerable WordPress Environments for Cyber Ranges

Caturano¹,

D’Ambrosio²,

Perrone³

et al. 2022

Preprint

View full text Add to dashboard Cite

show abstract

“…Here, we present a subset of previous works that are the most relevant to the PocketCTF approach. The idea of using LXC containers or Dockers instead of virtual machines for CTF labs has been under research over the last few years [11,30]. More specifically, Irvine et al introduced a framework for parameterizing cybersecurity labs by using Docker containers instead of virtualization technologies [24].…”

Section: Related Workmentioning

confidence: 99%

“…In the past, creating authentic computer security scenarios has been identified as a very demanding and challenging task that requires a great deal of effort from educators and lab personnel [10]. In addition, the learning outcomes from using hands-on practices need to follow curriculum guidelines or frameworks that address the required collaborative activities in cybersecurity within the industry, government, and academic institutions [2,10,11]. What is more, educators are usually in need of a way to provide customized challenges according to the courses and to privately maintain the overall learning process.…”

Section: Introductionmentioning

confidence: 99%

“…What is more, educators are usually in need of a way to provide customized challenges according to the courses and to privately maintain the overall learning process. In this direction, open virtual labs can better support the educator requisites, such as Vulnhub [12], which is an open repository that provides hands-on lab cybersecurity exercises as virtual images [3,11,13]. Similarly, the SEED labs [14,15] maintain virtual labs, and ENISA CSIRT [16] publishes training labs in the form of virtual images to support hands-on training sessions along with instructive materials [6].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

PocketCTF: A Fully Featured Approach for Hosting Portable Attack and Defense Cybersecurity Exercises

et al. 2021

View full text Add to dashboard Cite

Capture the flag (CTF) challenges are broadly used for engaging trainees in the technical aspects of cybersecurity, maintaining hands-on lab exercises, and integrating gamification elements. However, deploying the appropriate digital environment for conducting cybersecurity exercises can be challenging and typically requires a lot of effort and system resources by educators. In this paper, we present PocketCTF, an extensible and fully independent CTF platform, open to educators to run realistic virtual labs to host cybersecurity exercises in their classrooms. PocketCTF is based on containerization technologies to minimize the deployment effort and to utilize less system resources. A proof-of-concept implementation demonstrates the feasibility of deploying CTF challenges that allows the trainees to engage not only in offensive security but also in defensive tasks that have to be conducted during cybersecurity incidents. When using PocketCTF, educators can deploy hands-on labs, spending less time on the deployment and without necessarily having the advanced technical background to deploy complex labs and scenarios.

show abstract

“…For conducting the learning phase, a variety of implemented challenges were used (Perrone and Romano, 2017) such as Metasploitable [5], damn vulnerable Web application [6] and Webgoat [7]. In our case, we used the challenges presented in Table 1.…”

Section: A Virtual Cybersecurity Learning Environment Based On Capture the Flag Challengesmentioning

confidence: 99%

Adapting CTF challenges into virtual cybersecurity learning environments

Karagiannis

Magkos

2020

ICS

View full text Add to dashboard Cite

Purpose This paper aims to highlight the potential of using capture the flag (CTF) challenges, as part of an engaging cybersecurity learning experience for enhancing skills and knowledge acquirement of undergraduate students in academic programs. Design/methodology/approach The approach involves integrating interactivity, gamification, self-directed and collaborative learning attributes using a CTF hosting platform for cybersecurity education. The proposed methodology includes the deployment of a pre-engagement survey for selecting the appropriate CTF challenges in accordance with the skills and preferences of the participants. During the learning phase, storytelling elements were presented, while a behavior rubric was constructed to observe the participants’ behavior and responses during a five-week lab. Finally, a survey was created for getting feedback from the students and for extracting quantitative results based on the attention, relevance, confidence and satisfaction (ARCS) model of motivational design. Findings Students felt more confident about their skills and were highly engaged to the learning process. The outcomes in terms of technical skills and knowledge acquisition were shown to be positive. Research limitations/implications As the number of participants was small, the results and information retrieved from applying the ARCS model only have an indicative value; however, specific challenges to overcome are highlighted which are important for the future deployments. Practical implications Educators could use the proposed approach for deploying an engaging cybersecurity learning experience in an academic program, emphasizing on providing hands-on practice labs and featuring topics from real-world cybersecurity cases. Using the proposed approach, an educator could also monitor the progress of the participants and get qualitative and quantitative statistics regarding the learning impact for each exercise. Social implications Educators could demonstrate modern cybersecurity topics in the classroom, closing further the gap between theory and practice. As a result, students from academia will benefit from the proposed approach by acquiring technical skills, knowledge and experience through hands-on practice in real-world cases. Originality/value This paper intends to bridge the existing gap between theory and practice in the topics of cybersecurity by using CTF challenges for learning purposes and not only for testing the participants’ skills. This paper offers important knowledge for enhancing cybersecurity education programs and for educators to use CTF challenges for conducting cybersecurity exercises in academia, extracting meaningful statistics regarding the learning impact.

show abstract

The Docker Security Playground: A hands-on approach to the study of network security

Cited by 10 publications

References 0 publications

ExploitWP2Docker: a Platform for Automating the Generation of Vulnerable WordPress Environments for Cyber Ranges

ExploitWP2Docker: a Platform for Automating the Generation of Vulnerable WordPress Environments for Cyber Ranges

PocketCTF: A Fully Featured Approach for Hosting Portable Attack and Defense Cybersecurity Exercises

Adapting CTF challenges into virtual cybersecurity learning environments

Contact Info

Product

Resources

About