> For the complete documentation index, see [llms.txt](https://cas-cyber.gitbook.io/cas-cybersecurity/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://cas-cyber.gitbook.io/cas-cybersecurity/start.md).

# Start

If you are looking for a practical hands-on cybersecurity education in switzerland, check-out this certificate of advanced studies course: <https://www.ost.ch/de/weiterbildung/weiterbildungsangebot/informatik/cas-cyber-security>

![](/files/RpOri7hHLFc8OlX0wYiT)

### Hacking-Lab Live CD

Most exercises can be done with the Hacking-Lab live CD. It's a modified version of Kali Linux developed by [compass security](https://www.compass-security.com/en/).

{% embed url="<https://livecd.hacking-lab.com>" %}

### Alternative Live CD

{% embed url="<https://www.kali.org/get-kali#kali-virtual-machines>" %}

{% embed url="<https://www.parrotsec.org/download/>" %}

### Changing History

<table><thead><tr><th width="156" align="center">Date</th><th>Description</th></tr></thead><tbody><tr><td align="center"><strong>20.10.21</strong></td><td><p>Chapter <a href="/pages/IJxpiTcd67QnVpBEKf1o">Crypto Exercises</a> added</p><p><a href="/pages/H7jCPu9X7NC9sU8IGwKA">Cyberchef Challenge</a> added</p></td></tr><tr><td align="center"><strong>21.10.21</strong></td><td><p><a href="/pages/Hb7d1WQ5w5aQDtw8d99W">HTB Invite Challenge</a> added</p><p><a href="/pages/cPVwF4wZltFsAc1xqEW1">Bsides London 2019 Ticket Challenge</a> added</p></td></tr><tr><td align="center"><strong>14.11.21</strong></td><td><p>Chapter <a href="/pages/01Xax6FT8pZvddzAhABf">Windows Hacking</a> added</p><p><a href="/pages/KVzJKG5foKA2Wc20nqfj">Throwback Network Challenge</a> added </p></td></tr><tr><td align="center"><strong>19.11.21</strong></td><td><a href="/pages/TpzHwyn4qFRMTkf42pof">RDP MitM Exercise</a> added</td></tr><tr><td align="center"><strong>06.02.22</strong></td><td><a href="/pages/THDElit37EPwYcFHAdux">WinAttack Lab Exercises</a> added</td></tr><tr><td align="center"><strong>07.02.22</strong></td><td><a href="/pages/NQttGxpWTYVFlba7UaJ0">Redis Server Exercise</a> added<br><a href="/pages/30FTaPUcPyqfiUjtBMBz">Print Nightmare Exercise</a> added<br><a href="/pages/aKLx4E0O1cLSCJ5r2txC">Baron Samedit Exercise</a> added</td></tr><tr><td align="center"><strong>07.02.22</strong></td><td>Chapter <a href="/pages/iAASB5kpU5YHwSxAG6ek">Threat Intelligence</a> added</td></tr><tr><td align="center"><strong>08.02.22</strong></td><td><a href="/pages/iAASB5kpU5YHwSxAG6ek">MISP Exercises</a> 1-4 added<br><a href="/pages/iAASB5kpU5YHwSxAG6ek">MISP Exercises</a> 5-8 added</td></tr><tr><td align="center"><strong>09.02.22</strong></td><td>Chapter <a href="/pages/F8TmaQoWpFMpvImD7sUX">Forensic Exercises</a> added<br><a href="/pages/eakcsTpeDNjgFlrUQGR4">Unswirl Image Challenge</a> added</td></tr><tr><td align="center"><strong>11.02.22</strong></td><td><a href="/pages/ey7L5Vyr9WVltPiWydSE">The Sleuth Kit Intro Exercise</a> added</td></tr><tr><td align="center"><strong>12.02.22</strong></td><td><a href="/pages/eLE2CC3I9BBoXOdnbznU">Filecarving with foremost Exercise</a> added<br><a href="/pages/y4oc1m6IxnRx2wC7CxjQ">Filecarving with scalpel Exercise</a> added<br><a href="/pages/NWZESnhxQu08cldojVQQ">Bulk extractor Exercise</a> added<br><a href="/pages/NmPk7GjCwaGhaIZdEVIy">Disk acquisition with dd Exercise</a> added</td></tr><tr><td align="center"><strong>13.02.22</strong></td><td><a href="/pages/Gj0HzMDWA4Y9Sb5dTKGp">Disk acquisition with dcfldd Exercise</a> added<br><a href="/pages/KMcDIdxgGgM3QYPlJxfs">Disk acqusition with ewf-tools Exercise</a> added</td></tr><tr><td align="center"><strong>15.02.22</strong></td><td><a href="/pages/exd8JKMKD3vbFQiMGCM7">Disk acquisition with FDK Imager Exercise</a> added<br><a href="/pages/GXfFU0IFN9nPBcBwcWYr">Mount disk image (raw) Exercise</a> added</td></tr><tr><td align="center"><strong>19.02.22</strong></td><td><a href="/pages/BReFIUDqtN2JMM574LQN">Unknown USB Stick Exercise</a> added<br><a href="/pages/2BUFmP8Bfg50sR0byCS8">Bitunlocker Exercise</a> added</td></tr><tr><td align="center"><strong>20.02.22</strong></td><td><a href="/pages/4OjLVnvONyHUlM8hrOis">USB Stick Filecarving Exercise</a> added</td></tr><tr><td align="center"><strong>22.02.22</strong></td><td><a href="/pages/19o4qcLduPLJZHpyd4rc">Mailheader Analysis Exercise</a> added<br><a href="/pages/9c3IloXJQ9Vt81dvVEka">Timestomping Exercise</a> added</td></tr><tr><td align="center"><strong>23.02.22</strong></td><td><a href="/pages/OJhrtQEVFqdJXPqLG6ng">Volatility Basics Exercise</a> added</td></tr><tr><td align="center"><strong>26.02.22</strong></td><td><a href="/pages/NZgdu2ynyi1cEC7mNpIW">Volatility Exercise 1</a> added</td></tr><tr><td align="center"><strong>27.02.22</strong></td><td><a href="/pages/On8P72GqfQbjxkxR8NZe">Manual Filecarving Exercise 1</a> added</td></tr><tr><td align="center"><strong>28.02.22</strong></td><td><a href="/pages/jTDR3X02uj5l3PdovAWI">Manual Filecarving Exercise 2</a> added<br><a href="/pages/ktTqAC0RVzWtMNQgmSzG">Autopsy Exercise</a> added</td></tr><tr><td align="center"><strong>09.03.22</strong></td><td>Chapter <a href="/pages/kojd3jvAo2jn8Bd4Lvia">Malware Analysis</a> added<br><a href="/pages/Pxg5xRvg6mSMoLfXVOW3">Ransomware Introduction</a> added<br><a href="/pages/vkV8Wm0ol7lhup5EBx3s">Ryuk Exercise</a> added</td></tr><tr><td align="center"><strong>20.03.22</strong></td><td><a href="/pages/ua7pkqkZEH5oLN9P96fM">Ninja-Sec Challenge</a> added</td></tr><tr><td align="center"><strong>28.03.22</strong></td><td><a href="/pages/PPywqxcdjOevG7bCMkxi">DVWA Exercises</a> added</td></tr><tr><td align="center"><strong>07.04.22</strong></td><td><a href="/pages/8ceoMcqK49oaxtMuAe70">RansomEXX Exercise</a> added<br><a href="/pages/8OGLmOR8PXWuuF49vmnC">REvil Exercise</a> added<br><a href="/pages/uSgN664ABAHQrvLazXkb">BlackMatter Exercise</a> added</td></tr><tr><td align="center"><strong>08.04.22</strong></td><td><a href="/pages/v37kbfEw2u7tDpGkxKhg">HADES Exercise</a> added<br><a href="/pages/2oVj76yr2bnZlxhEiuSD">Egregor Exercise</a> added<br><a href="/pages/rAQ6vvmujZCC808tXIkF">DoppelPaymer Exercise</a> added<br><a href="/pages/eOy4shdbMBgv1kc7o3Lp">Polkit Exercise</a> added</td></tr><tr><td align="center"><strong>11.04.22</strong></td><td>Chapter <a href="/pages/0z1k6ZKee98xIrkGdO8M">Forensic Readiness</a> added<br><a href="/pages/YCqfnCMDslz7jfVYVtns">Windows Event Log Exercise</a> added<br><a href="/pages/MZpZb9ebspecFpA5zAMj">Windows Sysmon Exercise</a> added</td></tr><tr><td align="center"><strong>13.04.22</strong></td><td><a href="/pages/GVZDSc2qst0SjUFEbL7N">Sysmon:Capture Clipboard Exercise </a>added</td></tr><tr><td align="center"><strong>23.04.22</strong></td><td><a href="/pages/O9eWHwVI1gpQPs6pQI1H">Sysmon: Process Injection Exercise</a> added</td></tr><tr><td align="center"><strong>24.04.22</strong></td><td>Chapter <a href="/pages/dEk6StzoLRprlg1sb2Gx">YARA</a> added<br><a href="/pages/dP6QFOPw3oTxqia9gmXR">YARA Install Exercise</a> added</td></tr><tr><td align="center"><strong>25.04.22</strong></td><td><a href="/pages/UUqvgDGcalbemmf5fxh0">yarGen Exercise</a> added</td></tr><tr><td align="center"><strong>30.04.22</strong></td><td><a href="/pages/Odo4WeM0VMFqKe6D2ZAt">YARA with Cyberchef Exercise</a> added</td></tr><tr><td align="center"><strong>01.05.22</strong></td><td><a href="/pages/4Dh1Q9zlaI6rya5QqhLH">TCP Dump analysis Exercise</a> added</td></tr><tr><td align="center"><strong>04.05.22</strong></td><td><a href="/pages/z2cMPTdj2L8A3ttZvQnW">Examples of Dosfuscated Scripts</a> added</td></tr><tr><td align="center"><strong>05.05.22</strong></td><td><a href="/pages/Hzh36moJ6raFN8ZYdMaO">Volatility Memorydump Exercise with yara</a> added</td></tr><tr><td align="center"><strong>15.05.22</strong></td><td>Chapter <a href="/pages/6zgWkhDfietKL58SzLcN">Network Forensics</a> added<br><a href="/pages/VSwl5EznhZIRJEZjQkqf">Tshark Exercise</a> added</td></tr><tr><td align="center"><strong>16.05.22</strong></td><td><a href="/pages/cK8vGqA90mzzQz4m5g6F">Virus Total Graph Exercise</a> added<br><a href="/pages/lV02cbjjf5r7Mp0qTkoB">RFI Incoming! Exersise</a> added</td></tr><tr><td align="center"><strong>23.05.22</strong></td><td><a href="/pages/JPncX9YtZZ2gFw8Nphrz">Chapter Live Response</a> added<br><a href="/pages/QplQ0ae6Q2QtvSsOdOfd">Velociraptor P1 Exercise</a> added</td></tr><tr><td align="center"><strong>24.05</strong>.<strong>22</strong></td><td><a href="/pages/zyv5A57NfCt6ZYQ8Izzu">Velociraptor P2 Exercise</a> added</td></tr><tr><td align="center"><strong>26.05.22</strong></td><td><a href="/pages/aRLE2dEkPDwAo0dutxrY">Velociraptor P3 Exercise</a> added</td></tr><tr><td align="center"><strong>30.05.22</strong></td><td><a href="/pages/ZZtnBCFDJUo1np9dek8v">Chapter Windows Response LAB</a> added<br><a href="/pages/qNMmy3jPpMrwpu5PmjI6">Lateral Movement Detection Exercise</a> added<br><a href="/pages/yphl7j7RySUCtvhR3csX">Detect Persistence Exercise</a> added<br><a href="/pages/daIPAwAPBlhHBW6OGvdM">Volatility Analysis Exercise</a> added</td></tr><tr><td align="center"><strong>31.05.22</strong></td><td><a href="/pages/WMpfC2SPmZ4HBEyuRyiG">Volatility3 Exercise</a> added</td></tr><tr><td align="center"><strong>04.06.22</strong></td><td><a href="/pages/Q65HdQ7Fh85131HkNSCJ">Volatility3 Exercise 2</a> added<br><a href="/pages/tvMBEyILVtwCtuFAn6cr">Volatility3 Exercise 3</a> added</td></tr><tr><td align="center"><strong>06.06.22</strong></td><td><a href="/pages/rf0NXfBLXjlLevCORgyu">Signature based Ransomware detection</a> added</td></tr><tr><td align="center"><strong>13.06.22</strong></td><td>Chapter <a href="/pages/qo4B6B9QojWkP1EClYwp">Android Malware</a> added</td></tr><tr><td align="center"><strong>20.06.22</strong></td><td>Android LAB <a href="/pages/EwQpXwzCTb3mMjQP8mCz">Setup 1</a> added</td></tr><tr><td align="center"><strong>21.06.22</strong></td><td>Android LAB <a href="/pages/YHQD1JOX1tG5Pd3jvA4z">Setup 2</a> added</td></tr><tr><td align="center"><strong>23.06.22</strong></td><td><a href="/pages/uWU0Dup5y6Rdx2RdvSZ7">Android permission Exercise</a> added</td></tr><tr><td align="center"><strong>30.06.22</strong></td><td><a href="/pages/jgef5P5K13A7aRuQhr7E">App tracing with frida</a> Exercise added</td></tr><tr><td align="center"><strong>01.07.22</strong></td><td><a href="/pages/87V4dZ9zliThilSeMo9v">AES Key decryption Exercise</a> added</td></tr><tr><td align="center"><strong>05.07.22</strong></td><td><a href="/pages/YWup0APSf7Lqa8CyawBS">Android RedAlert Exercise</a> added</td></tr><tr><td align="center"><strong>07.07.22</strong></td><td><a href="/pages/fbcT0vcKGbvHcjG9h1mQ">BlackRoseLucy Exercise</a> added<br><a href="/pages/fRrHRVQLPnHxJH3N3unU">Crackme Challenge</a> added</td></tr><tr><td align="center"><strong>14.08.22</strong></td><td><a href="/pages/eSOOO7w6rA2JgQUkjEIh">DVWA Exercises 5</a> expanded<br><a href="/pages/O4gdCaK4WmO7TnfEHtUC">DVWA Exerxices 6</a> added<br><a href="/pages/RnpljH1kLGVj3H2VIrOt">DVWA Exercises 7</a> added</td></tr><tr><td align="center"><strong>15.08.22</strong></td><td><a href="/pages/AUhG25rcozmrzREiaUa9">DVWA Exercises 8</a> added</td></tr><tr><td align="center"><strong>11.12.22</strong></td><td><a href="/pages/4wgYLScAEhqFbZuf3blX">Heartbleed Exercise</a> added</td></tr></tbody></table>

### Table of Contents

[Reconnaissance](/cas-cybersecurity/master.md)

[Docker basics and Images](/cas-cybersecurity/docker-basics.md)

[Scanning and Enumeration](/cas-cybersecurity/scanning-and-enumeration.md)

[Vulnerability Scanning and Analysis](/cas-cybersecurity/vulnerability-scanning-and-analysis.md)

[Exploitation](/cas-cybersecurity/exploitation.md)

[Man in the Middle](/cas-cybersecurity/man-in-the-middle.md)

[Windows Hacking](/cas-cybersecurity/windows-hacking.md)

[Web Application Security](/cas-cybersecurity/web-application-security.md)

[CTF and Crypto Exercises](/cas-cybersecurity/ctf-and-crypto-exercises.md)

[Threat Intelligence](/cas-cybersecurity/threat-intelligence.md)

[Forensic Exercises](/cas-cybersecurity/forensic-exercises.md)

[Malware Analysis](/cas-cybersecurity/malware-analysis.md)

[Android Malware](/cas-cybersecurity/android-malware.md)

[Forensic Readiness](/cas-cybersecurity/forensic-readiness.md)

[Live Response](/cas-cybersecurity/live-response.md)
