RedefiningReality / Linux-Defence-Materials

Linux Defence Materials

A repository of helpful materials related to Linux defence

This was originally created for the NCAE Cyber Games competition in an effort to make Illinois Institute of Technology's resources public and share our knowledge with the community, in the spirit of the competition. However, it's certainly not limited to that scope. I still use and make occasional edits to my Linux Commands Cheat Sheet to this day. Enjoy, and feel free to reach out to me with any feedback or questions!

Repository Contents

If you're just getting started, check out the NCAE Cyber Sandbox Tutorials on YouTube that will give you an introduction to using Linux and Linux defence concepts.

Note: Where relevant, the links in this README (with the exception of the NCAE checklists) go to the original Google Docs, which may be easier to read than the PDF versions in GitHub. If you open them in a desktop browser you also get a document outline in the sidebar that makes them very easy to navigate. Finally, I cannot guarantee that the PDFs in this repo stay up to date, so I highly recommend using the Google Docs versions.

tl;dr use the links in this README

  • Linux Commands Cheat Sheet ⇒ all the actually useful Linux commands, including the ones mentioned in the NCAE Cyber Sandbox Tutorials
  • Printing Tricks ⇒ commands related to working with command line output: grep, sed, cut, tr, etc. This is also linked in the Linux Commands Cheat Sheet for convenience
  • Keyboard Shortcuts ⇒ window management, navigating history, and rerunning previous commands with select modifications, all through keyboard shortcuts
  • Attack Vectors ⇒ attack vectors by service and the most basic privilege escalation attacks
  • Defence Checklist ⇒ Illinois Tech's approach to cyber defence competitions
  • Closing Ports (the right way) ⇒ I'm tired of people thinking a firewall is the solution to all their problems... a firewall rule only hides a listening service, so stop, disable and uninstall the services you don't need!
  • Linux Services and Defence Cheat Sheet ⇒ all the service setup commands mentioned in the NCAE Cyber Sandbox Tutorials but in the form of a reference sheet + some defence ideas
  • Linux Checklist ⇒ the "boilerplate" Linux defence checklist Illinois Tech uses for competitions - we take this one and use it to create separate checklists for each machine
  • DNS Configuration ⇒ bind9 is a mess, so here are all the changes you need to make written out
  • Recovery Plan ⇒ booting into recovery to reset the root password and making backups of sensitive files (e.g. website source code)
  • iptables Template ⇒ iptables is even yuckier than bind9, so here's a template you can follow when setting up iptables rules
    • iptables is the "lowest-level" firewalling tool most distros ship, and that gives it some distinct advantages over ufw or firewalld: those are front ends that generate netfilter rules underneath, and red team can just disable or remove them when they inevitably compromise you. Writing the rules yourself means you know exactly what is loaded, and a saved iptables-save dump lets you reload the whole policy in one step after it has been flushed. Keep in mind that an attacker with root can flush raw iptables rules just as easily, so treat the saved dump as your recovery point rather than a guarantee.
  • Illinois Tech Practice Range Network Diagram ⇒ the practice network Illinois Tech gave to students in 2023 so they could prepare for the competition - each student got their own unique copy to play around with
    • The actual infrastructure we use for hosting our practice range is fully documented here, and if you're a visual learner you can watch this series on YouTube instead.
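
The workflow behind "Closing Ports (the right way)", as an added shell example (this is not a script from the repo): it reduces `ss -tulpn` output to port/process pairs, maps a PID to its systemd unit through /proc/<pid>/cgroup, and retires the unit with systemctl instead of firewalling the port. The sample ss listing, with its sshd/dhclient/vsftpd PIDs, is constructed; the column order assumes a modern iproute2.

```shell
#!/usr/bin/env bash
# Added example for "Closing Ports (the right way)"; not code from the
# Linux-Defence-Materials repo. List what listens, find the owning unit,
# retire the unit, then confirm the port is really gone.
set -eu

# Constructed sample of `ss -H -tulpn` output (assumed column order:
# Netid State Recv-Q Send-Q Local:Port Peer:Port Process).
SAMPLE_SS=$(cat <<'EOF'
tcp   LISTEN 0      128      0.0.0.0:22      0.0.0.0:*   users:(("sshd",pid=812,fd=3))
udp   UNCONN 0      0        0.0.0.0:68      0.0.0.0:*   users:(("dhclient",pid=611,fd=6))
tcp   LISTEN 0      32       [::]:21         [::]:*      users:(("vsftpd",pid=1307,fd=4))
EOF
)

# Reduce ss output on stdin to one "proto port pid process" line per socket.
# Reading stdin means it works on live output and on a saved capture alike.
parse_listeners() {
  awk '{
    proto = $1
    n = split($5, a, ":"); port = a[n]          # last field survives [::]:21 too
    pid = ""; proc = ""
    if (match($0, /users:\(\("[^"]+",pid=[0-9]+/)) {
      s = substr($0, RSTART, RLENGTH)
      sub(/^users:\(\("/, "", s)                 # -> sshd",pid=812
      split(s, b, "\",pid=")
      proc = b[1]; pid = b[2]
    }
    print proto, port, pid, proc
  }'
}

# Extract the systemd unit from a /proc/<pid>/cgroup listing on stdin
# (cgroup v2 has one line like 0::/system.slice/vsftpd.service; v1 has several).
unit_from_cgroup() {
  sed -n 's#.*/\([^/]*\.service\)$#\1#p' | head -n 1
}

unit_for_pid() { unit_from_cgroup < "/proc/$1/cgroup"; }

# Stop, disable and mask the unit. Masking points it at /dev/null so a
# later `systemctl start` by red team fails. Purging the package is the
# final step and is distro-specific, so it is left to the operator.
retire_unit() {
  systemctl disable --now "$1"
  systemctl mask "$1"
  echo "now purge the package that owns $1 (apt-get purge / dnf remove)" >&2
}

# True when nothing is listening on the given port any more.
port_closed() {
  ! ss -H -tuln | parse_listeners | awk -v p="$1" '$2 == p { found = 1 } END { exit !found }'
}

if [ "${1:-}" = "--live" ]; then
  # Live inventory: proto, port, process and owning unit for every listener.
  ss -H -tulpn | parse_listeners | while read -r proto port pid proc; do
    unit=$( [ -n "$pid" ] && unit_for_pid "$pid" || echo '-' )
    printf '%-4s %-6s %-10s %s\n' "$proto" "$port" "$proc" "$unit"
  done
else
  printf '%s\n' "$SAMPLE_SS" | parse_listeners
fi
```

Run it with `--live` as root to get the inventory, then `retire_unit vsftpd.service` (or whichever unit you do not need) and `port_closed 21` to confirm. A service that still shows up after the unit is masked is being started some other way (cron, rc.local, a second unit), which is exactly what a firewall rule would have hidden from you.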

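A default-deny ruleset in iptables-restore format, as an added example and not the repo's own iptables template: the whole policy is validated with `iptables-restore --test`, loaded atomically, and saved so it can be reloaded in one step after a flush. The allowed port list, the log prefix and the /etc/iptables/rules.v4 persistence path (Debian-style iptables-persistent) are assumptions; adjust them for your boxes.

```shell
#!/usr/bin/env bash
# Added example for the iptables template item; not the repo's template.
# Generates a default-deny IPv4 ruleset in iptables-restore format.
set -eu

# Print a complete ruleset allowing inbound TCP on the given ports (e.g. "22 80").
# Every port is validated before anything is printed, so a typo yields no
# half-built ruleset rather than one that loads with a hole in it.
gen_iptables_rules() {
  local tcp_ports="$1" p
  for p in $tcp_ports; do
    case $p in
      ''|*[!0-9]*) echo "gen_iptables_rules: bad port '$p'" >&2; return 1 ;;
    esac
  done
  cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
EOF
  for p in $tcp_ports; do
    printf -- '-A INPUT -p tcp --dport %s -m conntrack --ctstate NEW -j ACCEPT\n' "$p"
  done
  # Log what the default DROP policy discards, rate-limited so the log stays readable.
  printf -- '-A INPUT -m limit --limit 10/min -j LOG --log-prefix "IPT-DROP: " --log-level 4\n'
  printf 'COMMIT\n'
}

# Validate first, then load and persist. Run as root. The persistence path
# assumes iptables-persistent (Debian/Ubuntu); RHEL-family systems use
# /etc/sysconfig/iptables via iptables-services instead.
apply_iptables_rules() {
  local rules
  rules=$(gen_iptables_rules "$1")
  printf '%s\n' "$rules" | iptables-restore --test
  printf '%s\n' "$rules" | iptables-restore
  mkdir -p /etc/iptables
  iptables-save > /etc/iptables/rules.v4
  chmod 600 /etc/iptables/rules.v4
}

# Quick post-check: the INPUT policy must read DROP, not ACCEPT.
input_policy_is_drop() {
  iptables -S INPUT | grep -q '^-P INPUT DROP$'
}

# Stand-alone usage prints the ruleset for review; --apply loads it.
if [ "${1:-}" = "--apply" ]; then
  apply_iptables_rules "${2:-22}"
else
  gen_iptables_rules "${2:-22}"
fi
```

Generating the file and loading it with iptables-restore, rather than running a long list of `iptables -A` commands, means a mistake halfway through never leaves you with a partially applied policy, and the saved rules.v4 is what you reload (`iptables-restore < /etc/iptables/rules.v4`) after red team flushes the tables. IPv6 needs the same treatment through ip6tables-restore, or every rule here is bypassed over v6.
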
If you want to play around with some Python scripts I wrote for logging all command line history and monitoring logins, feel free to check out my Linux Defence Scripts repo. They're pretty basic, and if I were to rewrite them now I'd probably take a different approach, but they work!

License: MIT License

Languages: Shell 100.0%