Privilege Escalation Focused Offensive Security Training Platform


Bibliographic Details
Published in: 2021 International Conference on Data Science and Its Applications, ICoDSA 2021
Main Author: Abdelrazek S.H.S.A.; Mammi H.B.K.; Din M.M.
Format: Conference paper
Language: English
Published: Institute of Electrical and Electronics Engineers Inc. 2021
Online Access: https://www.scopus.com/inward/record.uri?eid=2-s2.0-85123428805&doi=10.1109%2fICoDSA53588.2021.9617497&partnerID=40&md5=3806d680e700495ba2a68b2f3bbea75b
Description
Summary: While the offensive cybersecurity training market is growing on a regular basis, the industry still lacks the focus on skills required for internal privilege escalation operations. The purpose of this project is to design and build a training system that focuses mainly on improving the escalation of privileges skills among offensive security personnel. The project aims to ultimately fill the existent skill gap when it comes to privilege escalation techniques and methodologies. This gap can negatively impact the way organizations perceive the security status of their internal digital systems. With the 'assume compromise' approach increasingly adopted by large enterprises, this project emphasizes the importance of possessing the knowledge and skills that cyber adversaries would use in a post-compromise situation in order to develop and implement the necessary countermeasures. This project proposes a system that utilizes some of the latest containerization and virtualization technologies to design and build portable and highly scalable training exercises inspired by real-world privilege escalation scenarios. The development process of the system proposed in this project will follow the Iterative and Incremental Development (IID) software development methodology. The IID methodology will divide the system into multiple increments that are developed and integrated over multiple iterations. In conclusion, this project is believed to be a noticeable contribution to the offensive cybersecurity training industry which might open the doors to more sophisticated contributions and improvements. © 2021 IEEE.
DOI: 10.1109/ICoDSA53588.2021.9617497