Blackbox Intelligence Group

Cybersecurity II · Module 1

Cybersecurity II, Unit 1: Cyber I Review and Advanced Lab Orientation

Reset the lab. Re-establish the rules. Diagnose where the class actually is versus where it thinks it is. Ship out of Day 1 with a working, segmented, validated cyber range.

Length: 240 min
Level: intermediate
Track: Cyber II
Cadence: Semester 2

What's in the lesson pack

Everything you need to teach this period.

Built by an OSCP-certified instructor who teaches this material every week. Print-ready, classroom-tested, copy-paste-able.

Teacher Guide

Lesson at a glance, learning objectives, vocabulary, pacing, mini-lessons, and discussion notes.

In-browser presenter

Full themed slide deck you can run live from your laptop. Speaker notes built in. Works offline once loaded.

PowerPoint (.pptx) export

Editable slide deck for districts that mandate PowerPoint or want to customize for their LMS.

Module overview

The full lesson plan, public.

Read everything before you commit. The plan, objectives, vocabulary, standards alignment, and pacing are open. Only the print-ready deliverables are gated.

Unit 1: Cybersecurity I Review and Advanced Lab Orientation

Lesson at a glance

| Item | Detail |
| --------------------- | ------------------------------------------------------------------------- |
| Suggested length | 4 × 60 minutes |
| Recommended placement | Week 1 of Cybersecurity II |
| Prerequisite | Cybersecurity I (or equivalent) |
| Materials | Workstations, hypervisor, refreshed VM images, updated Lab Safety + RoE |
| Required forms | Re-signed Lab Safety Agreement (advanced edition) and Rules of Engagement |

Safety: Cyber II re-signs everything. The advanced lab will run real exploits in Unit 6 and live SOC investigations in Unit 8. The signed forms are the gate.

Standards & credential alignment

  • EHE / OffSec PEN-100 / SOC-100: bridge orientation.
  • VA CTE Advanced Cybersecurity: lab safety, professional documentation.

Learning objectives

By the end of this unit, students can:

  1. Rebuild the cyber range with a segmented multi-VM topology (attacker, target, victim, monitoring).
  2. Validate networking, snapshots, and out-of-band recovery.
  3. Re-articulate the three-question test and demonstrate updated RoE understanding.
  4. Establish documentation expectations: every action timestamped, every command logged, every snapshot named.
  5. Operate in a 2-person team with defined roles (operator, recorder).

Vocabulary refresh + new

  • Cyber range - Isolated lab environment for safe offensive/defensive practice.
  • Out-of-band - A communication or recovery path independent of the system being managed.
  • Baseline - Known-good configuration of a system.
  • Operator / Recorder - Two-person engagement roles. Operator runs commands; recorder logs everything.
  • Engagement notes - Single source of truth for an engagement; every action goes in.

Pacing

| Day | Focus | Deliverable |
| --- | ------------------------------------------ | ----------------------------------------------- |
| 1 | Rebuild and segment the range | Three working VMs, host-only network, snapshots |
| 2 | Validate baselines | Documented baseline for Windows + Linux targets |
| 3 | Documentation expectations + team workflow | Operator/recorder dry run |
| 4 | Updated RoE + signing ceremony | Signed RoE on file |

Day 1 - Range topology

Build out:

[Kali attacker] --- host-only-1 (192.168.56.0/24) --- [Win10 target]
                                                  --- [Ubuntu target]
                                                  --- [SIEM/monitoring VM]

Each student team confirms:

  • All four VMs boot.
  • Each has a static or DHCP-reserved IP on the lab network.
  • All have a clean-install snapshot.
  • Inter-VM ping works in both directions.

Day 2 - Baselines

Document the known-good state of the Windows and Ubuntu targets:

  • OS version, patch level
  • Local accounts (full list)
  • Listening ports (Windows: netstat -ano; Ubuntu: ss -tlnp)
  • Running services (Windows: Get-Service; Ubuntu: systemctl)
  • Installed software inventory
  • File hashes of critical configuration files

Save as baseline-YYYY-MM-DD.md in the engagement folder. Future investigations will diff against this.
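
The Day 2 checklist for the Ubuntu target, written as a script that saves baseline-YYYY-MM-DD.md and later diffs a fresh capture against it. This is an added example, not part of the lesson pack: the function names and the CRITICAL_FILES list are assumptions, and the Windows target needs the equivalent Get-Service / netstat -ano collection.

```bash
#!/usr/bin/env bash
# Added example: capture the Ubuntu target's known-good state as baseline-YYYY-MM-DD.md.
# CRITICAL_FILES and all function names are assumptions, not part of the lesson pack.
CRITICAL_FILES="${CRITICAL_FILES:-/etc/passwd /etc/group /etc/sudoers /etc/ssh/sshd_config}"

# Emit one Markdown section, indented 4 spaces so the output renders as a code block.
# A missing tool is written into the baseline rather than leaving a silent gap.
section() {   # usage: section "Title" command [args...]
  printf '## %s\n\n' "$1"; shift
  if command -v "$1" >/dev/null 2>&1; then
    "$@" 2>&1 | sed 's/^/    /'
  else
    echo "    (not available on this host: $1)"
  fi
  echo
}

accounts() { cut -d: -f1,3,7 /etc/passwd; }   # name:uid:shell for every local account
hashes()   { sha256sum $CRITICAL_FILES; }     # unquoted on purpose: space-separated list

write_baseline() {   # usage: write_baseline <engagement-folder>; prints the path written
  local out="$1/baseline-$(date +%F).md"
  {
    printf '# Baseline: %s captured %s\n\n' "$(uname -n)" "$(date -u +%FT%TZ)"
    section "OS version and patch level" cat /etc/os-release
    section "Kernel" uname -r
    section "Local accounts (name:uid:shell)" accounts
    section "Listening ports" ss -tlnp
    section "Running services" systemctl list-units --type=service --state=running --no-pager
    section "Installed software" dpkg-query -W --showformat='${Package} ${Version}\n'
    section "SHA-256 of critical configuration files" hashes
  } > "$out"
  echo "$out"
}

# Diff a later capture against the known-good file, ignoring the timestamped header line.
# Returns 0 when nothing drifted and 1 when something changed (the diff goes to stdout).
compare_baseline() {   # usage: compare_baseline <known-good.md> <current.md>
  local a b rc=0
  a=$(mktemp); b=$(mktemp)
  grep -v '^# Baseline:' "$1" > "$a"
  grep -v '^# Baseline:' "$2" > "$b"
  diff -u "$a" "$b" || rc=$?
  rm -f "$a" "$b"
  return "$rc"
}

if [ -n "${1:-}" ]; then write_baseline "$1"; fi
```

Run it as root on the target so that ss -p can name the owning processes and /etc/sudoers is readable; without root those gaps show up in the file as error text or missing process names.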

Day 3 - Operator / recorder workflow

Pair up. Roles:

  • Operator: runs commands. Says them aloud before pressing Enter ("running nmap -sV against 192.168.56.20").
  • Recorder: logs each command into the engagement notes file with timestamp. No "you should remember it" - write it down.

Practice on a simple recon dry-run. Switch roles halfway. Land the line: "In professional engagements, your notes are evidence. Treat them like it."

Day 4 - RoE re-signing ceremony

Read the advanced RoE aloud, line by line. Differences from Cyber I:

  • Authorizes exploitation, password attacks, privilege escalation inside the lab range only.
  • Authorizes use of Metasploit, Burp Suite Community, john/hashcat against teacher-issued hash sets only.
  • Mandates engagement notes for every action.
  • Establishes a "stop and call" protocol: any unexpected behavior = stop immediately, record state, get teacher.

Students sign. Both signatures (advanced RoE + advanced Lab Safety) get filed.

Common misconceptions

  • "I already did this last year." - The range needs to be rebuilt fresh; old VMs may have decayed snapshots and stale passwords. Time spent here saves the entire semester.
  • "Documentation is optional." - In professional engagements, undocumented work didn't happen. Same here.

Assessment

  • Day 1 deliverable: screenshot of all four VMs + ping success.
  • Day 2 deliverable: baseline markdown file submitted.
  • Day 3 deliverable: a sample engagement notes file from the dry run.
  • Day 4 deliverable: signed RoE on file.

Career connection

Real engagements always start with environment validation. Skipping it = false findings, missed evidence, blown engagements. Senior pen testers are the ones who insist on Day-1 baselines.

Homework / next class

Read the assigned NIST SP 800-115 sections (Penetration Testing Methodology, lab control). Be ready to discuss next class.
