Cybersecurity Fundamentals – Practical Activities (Lecture 1)


Activity 1: What Are You Protecting?

Objective: Identify valuable digital assets and understand who might target them.

Instructions: Choose one of the following systems:

  • University student portal
  • Online banking platform
  • Small business e-commerce website

For your chosen system, complete the following table:

| Asset | Potential Threat Actor | Likely Threat | Possible Vulnerability |
|---|---|---|---|
| Example: Login credentials | Insider | Credential theft | Weak or reused password |

Reflection Questions:

  • Which asset is most valuable?
  • Which threat seems most realistic?
  • What basic control would help mitigate the risk?

Activity 2: Analysing Breach Data

Objective: Understand real-world risk exposure from leaked credentials.

Instructions: The following dataset (download) contains fake breached data: email, password, and service name. Open it using Excel, LibreOffice Calc, or a text editor.

Answer the following:

  1. How many weak passwords can you find (e.g. "123456", "password")?
  2. How many users reused the same password across different services?
  3. What kinds of assets are exposed?
  4. What does this dataset tell you about human vulnerabilities?
  5. Suggest 2 security controls that could reduce this risk.

Optional extension, if you feel like it: Load the dataset into Python or Google Colab and analyse frequency with code.
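One way to approach the optional extension, as an added example that is not part of the course materials. The column names (email, password, service) are assumed from the activity description, the rows are constructed sample data, and the weak-password list is a short illustrative one.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample rows standing in for the course dataset; the column
# names (email, password, service) are assumed from the activity text.
SAMPLE_CSV = """email,password,service
alice@example.com,123456,ShopNow
alice@example.com,123456,MailBox
bob@example.com,password,ShopNow
bob@example.com,Tr0ub4dor&3,BankOnline
carol@example.com,qwerty,MailBox
carol@example.com,qwerty,ShopNow
dave@example.com,x9!Lm#42pQ,BankOnline
"""

# Small illustrative list; a real audit would use a larger common-password list.
WEAK_PASSWORDS = {"123456", "password", "qwerty", "letmein", "111111"}


def load_rows(text):
    """Parse CSV text into a list of dicts with stripped values."""
    reader = csv.DictReader(io.StringIO(text))
    return [{k: (v or "").strip() for k, v in row.items()} for row in reader]


def weak_password_rows(rows):
    """Rows whose password is in the weak list (case-insensitive)."""
    return [r for r in rows if r["password"].lower() in WEAK_PASSWORDS]


def reused_across_services(rows):
    """Map (email, password) -> services where one password covers 2+ services."""
    services = defaultdict(set)
    for r in rows:
        services[(r["email"].lower(), r["password"])].add(r["service"])
    return {key: sorted(s) for key, s in services.items() if len(s) > 1}


def password_frequency(rows, top=3):
    """Most common passwords in the dataset."""
    return Counter(r["password"] for r in rows).most_common(top)


if __name__ == "__main__":
    rows = load_rows(SAMPLE_CSV)
    print("weak entries:", len(weak_password_rows(rows)))
    print("reuse:", reused_across_services(rows))
    print("top passwords:", password_frequency(rows))
```

To run it on the real file, read the file's text and pass it to `load_rows` after adjusting the column names to match its header row.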


Activity 3: Building Your Cyber Lab

Task: Download two pre-built VMs (Kali and Meta), import them into VirtualBox, create a NAT network, attach both VMs, and verify they can communicate. Kali is the attacker/scanner and Meta is the victim/target. This prepares you for the Nmap lab later.


Step 1: Open VirtualBox

  • Launch VirtualBox from your applications menu.
  • If VirtualBox is not installed, download it from the VirtualBox website and install it before continuing.

Step 2: Download the VMs

Download the two OVA files before you continue:

  • Kali (attacker/scanner) - download the official Kali VirtualBox image from the Kali site or use the provided link: Kali OVA link here

    username/password: kali/kali

  • Meta (victim/target) - download the pre-built Meta OVA from the course resources or use the provided link: Meta OVA link here

    username/password: msfadmin/msfadmin

Save both OVA files to a local folder.


Step 3: Import an OVA

You can import an OVA two ways:

Method 1: From VirtualBox

  1. In VirtualBox go to File > Import Appliance…
  2. Select the OVA file (Kali or Meta) → Next → Import
  3. Repeat for the second OVA.

Method 2: Double-click the OVA

  1. Double-click the OVA file in your file manager. VirtualBox will open the Import Appliance window.
  2. Confirm settings and click Import.
  3. Repeat for the second OVA.

Step 4: Boot each VM

  1. In VirtualBox, select the Kali VM and click Start.
  2. Log in with the credentials shown on the VM download page or included in the OVA notes (Kali images often use kali/kali or follow the image instructions).
  3. Open a terminal to confirm the VM boots.
  4. Repeat for the Meta VM.

Step 5: Create a second VM (if needed)

If you did not download/import a second OVA you can instead clone the first VM:

  1. Right-click the VM in VirtualBox → Clone…

    Make sure you power off the VM first.

  2. Give it a name (for example meta-vm) and choose Full clone → Clone
  3. Boot the clone and confirm it starts.

Step 6: Connecting Two VMs in VirtualBox

To allow your Kali VM (attacker) and Meta VM (target) to communicate, both must be on the same virtual network. If they end up on different networks, you can create your own NAT network.


1. Create a NAT network

  • In VirtualBox, go to File > Tools > Network Manager > NAT Networks.
  • Click + to add a new NAT network.
  • Name it CyberLabNAT.
  • Enable DHCP (leave defaults).
  • Click OK to save.

2. Attach both VMs to CyberLabNAT

  • For each VM (Kali and Meta):
    • Open Settings > Network.
    • Under Adapter 1, choose:
      • Attached to: NAT Network
      • Name: CyberLabNAT
    • Click OK.

Step 7: Boot and verify connectivity

  1. Start both VMs.
  2. On each VM open a terminal and run one of the following to find the IP address:
# shows all IP addresses and interfaces
ip a

# concise list of this host's IP addresses (capital -I; lowercase -i resolves the hostname instead)
hostname -I

# older utility (may require install)
ifconfig

# show routes and default gateway
ip route

# show only IPv4 for a specific interface (example: eth0)
ip -4 addr show eth0

Check that:

  • Each VM has an IP address on the same subnet (for example 10.0.2.x).
  • From the scanning VM, test basic reachability to the target with:
ping <target-ip>

# Example (send 4 echo requests, then stop)
ping -c 4 10.0.2.5

[Extra] Internet access from your VM

The NAT network you created (CyberLabNAT) allows your virtual machines to access the internet through your host computer. This lets you update packages and download tools from inside the VM.

Test internet access (run inside the VM):

Open a terminal (black icon in the menu bar), then try the following commands.

# test network reachability by IP
ping -c 4 8.8.8.8

# test DNS resolution and reachability by hostname
ping -c 4 google.com

# test package manager access (Debian/Ubuntu)
sudo apt update
# test package manager access on the other VM (Meta) if the above did not work
sudo apt-get update

If these commands succeed, the VM has internet access.

If internet is not required or you want full isolation

  • Change the VM network adapter to Internal Network (Settings > Network > Attached to: Internal Network).
  • Alternatively, detach Adapter 1 or disable the NAT network in VirtualBox.
    These options keep the VM isolated from your host network and the internet.

Activity 3: Scanning and Identifying Assets Using Nmap

Title: Scanning and Identifying Assets Using Nmap
Objective: Use Nmap to identify systems and services in a local virtualised network, understand what assets are exposed, and evaluate risk.

You will use two local VirtualBox VMs:

  • Kali — attacker / scanning machine
  • Meta — victim / target machine

Only scan VMs you own. Do not scan external networks.


Part A: Intro to Nmap

Nmap is a command-line network scanner used for:

  • Host discovery
  • Port scanning
  • Service and version detection
  • Basic OS fingerprinting

Why this matters: attackers map targets with tools like Nmap. Defenders should do the same to understand exposure.


Part B: Quick checks on the scanning VM

On Kali, confirm basic info:

hostname
ip a

Note your IP address and hostname.


Part C: Discover live hosts

From Kali, run a ping/host-discovery scan for your subnet. Replace the subnet with your NAT/internal subnet (example: 10.0.2.0/24).

nmap -sn 10.0.2.0/24

Questions:

  • How many hosts responded?
  • What are their IP addresses?

Save greppable output:

nmap -sn 10.0.2.0/24 -oG live_hosts.gnmap

Part D: Scan one target

Choose a discovered IP (for example 10.0.2.5) and run a service and version scan:

sudo nmap -sS -sV -T4 -Pn 10.0.2.5

Flags:

  • -sS : TCP SYN scan
  • -sV : service/version detection
  • -T4 : faster timing
  • -Pn : assume host is up (skip host discovery)

Save output (human and XML):

sudo nmap -sS -sV -T4 -Pn -oN scan_10.0.2.5.txt -oX scan_10.0.2.5.xml 10.0.2.5

Optional deeper scan for full TCP ports (single host; slower):

sudo nmap -sS -p- -T4 -oN full_tcp_10.0.2.5.txt 10.0.2.5

Optional aggressive scan (includes scripts and OS detection):

sudo nmap -A -T4 -oN aggressive_10.0.2.5.txt 10.0.2.5

Part E: Analyse and reflect

Fill in this table for your scanned target.

| Target IP | Open Ports | Detected Services | Risk Level (L/M/H) | Suggested Control |
|---|---|---|---|---|
| 10.0.2.5 | 22, 80 | SSH, HTTP | High | Close unused ports; enable firewall |

Answer these questions in your report:

  • Which services look unnecessary or risky?
  • What assets do those services expose (files, credentials, management interfaces)?
  • How could an attacker use this information?
  • What controls reduce exposure (patching, firewall rules, disable service, restrict access)?

Quick Nmap command reference (example subnet: 10.0.2.0/24)

All examples use the example subnet 10.0.2.0/24 and target 10.0.2.5. Replace these with your lab subnet/target IP as needed.

| Command (example) | What it does / When to use |
|---|---|
| nmap -sn 10.0.2.0/24 | Host discovery (ping scan). Use to find live hosts on the example subnet. |
| sudo nmap -sS 10.0.2.5 | TCP SYN ("stealth") scan of common ports on a single host (10.0.2.5). Fast and less noisy than a full connect. SYN scans need root, hence sudo. |
| sudo nmap -sS -sV 10.0.2.5 | SYN scan + service/version detection. Use when you want service names and versions for 10.0.2.5. |
| sudo nmap -sS -sV -O 10.0.2.5 | Add -O to attempt OS fingerprinting (requires root). |
| sudo nmap -p- 10.0.2.5 | Scan all 65,535 TCP ports on the target (slow). Use for a thorough single-host scan. |
| sudo nmap --top-ports 100 10.0.2.0/24 | Scan the 100 most common ports across the example subnet — faster than scanning all ports. |
| sudo nmap -A 10.0.2.5 | Aggressive scan: runs version detection, OS detection and default NSE scripts. Good for lab use; intrusive. |
| sudo nmap -sU -p 53,69,123 10.0.2.5 | UDP scan for specific ports (UDP scanning is slower and noisier). |
| nmap -sn -oG live.gnmap 10.0.2.0/24 | Save greppable output of host discovery to live.gnmap for quick parsing. |
| sudo nmap -sS -sV -oN output.txt -oX output.xml 10.0.2.5 | Save results in normal (output.txt) and XML (output.xml) formats for reporting and parsing. |
| sudo nmap --script smb-enum-shares -p445 10.0.2.5 | Run a specific NSE script (here: list SMB shares). Only run scripts on lab VMs. |
| sudo nmap -sS -T4 --max-retries 2 10.0.2.5 | Faster timing (-T4) and fewer retries; useful when you want speed and can accept some packet loss. |
| nmap -Pn 10.0.2.5 | Skip host discovery and treat host as up (useful if ICMP is filtered). |
| nmap -oA project_scan 10.0.2.5 | Save in all formats at once (project_scan.nmap, .gnmap, .xml). Convenient for lab submissions. |
| nmap --reason -v 10.0.2.5 | Verbose output with reasons why ports are shown open/filtered (helps interpretation). |
| sudo nmap --script vuln 10.0.2.5 | Run a group of vulnerability-checking NSE scripts (intrusive — run only on your VMs). |

Note: these examples use 10.0.2.0/24 and 10.0.2.5 for clarity. Replace them with your actual lab subnet or target IP when running commands.

Copyright © 2025 • Created by Ali Jaddoa

Page last updated: Tuesday 18 November 2025 @ 08:19:45 | Commit: dc82693