- Lab
-
Libraries: If you want this lab, consider one of these libraries.
Infrastructure Mapping (Network & DNS)
In this lab, you will map an organization’s external attack surface using offline DNS reconnaissance data and server configuration artifacts. You will analyze artifacts gathered from a DNSDumpster export to enumerate exposed infrastructure and identify patterns in publicly discoverable assets without performing any live scanning. Working with the dataset, you will extract and organize discovered subdomains, analyze hosting ownership patterns, and validate infrastructure against documented corporate IP allocations. Through this process, you will identify an orphaned subdomain that resolves outside the organization’s approved network space, simulating a real-world exposure caused by legacy infrastructure or mismanaged DNS records. In the final phase of the lab, you will analyze web server configuration files associated with the orphaned host to determine the underlying technology stack. By reviewing Nginx and Apache configuration artifacts, you will simulate BuiltWith-style technology fingerprinting in a fully offline environment. You will then assess the security implications of the exposed system and produce a structured attack surface analysis summary. This lab simulates real-world security assessment workflows commonly performed during external attack surface mapping, threat exposure analysis, and infrastructure validation exercises. It emphasizes disciplined enumeration, contextual interpretation of DNS data, hosting pattern analysis, and technology stack identification without reliance on live tools or internet access.
Lab Info
Table of Contents
-
Challenge
Enumerate and Analyze Public DNS Infrastructure
Analyze a DNS reconnaissance export to enumerate subdomains, interpret DNS records, and identify hosting patterns in order to map the organization’s publicly exposed infrastructure.
-
Challenge
Validate Infrastructure Ownership and Identify Orphaned Assets
Analyze DNS host IP mappings against publicly derived infrastructure ownership intelligence to distinguish official corporate infrastructure from potentially misconfigured or externally hosted assets.
-
Challenge
Identify Web Technology Stack from Configuration Artifacts
Analyze web server configuration files associated with an external host to identify server software, document roots, and application technologies using offline artifacts.
-
Challenge
Document Attack Surface Findings
Evaluate the security implications of discovered infrastructure exposure and document findings within a structured attack surface assessment report.
Real skill practice before real-world application
Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.
Learn by doing
Engage hands-on with the tools and technologies you’re learning. You pick the skill, we provide the credentials and environment.
Follow your guide
All labs have detailed instructions and objectives, guiding you through the learning process and ensuring you understand every step.
Turn time into mastery
On average, you retain 75% more of your learning if you take time to practice. Hands-on labs set you up for success to make those skills stick.