Authorized Learning Environment

BlackStride Cyber Lab

A safe, static training environment for learning cybersecurity fundamentals, enumeration, basic Nmap scanning, DNS inspection, HTTP headers, and responsible defensive testing.

Open Enumeration Guide Read Lab Scope

Mission

Build real foundations before advanced tools.

BlackStride Cyber Lab helps learners understand what defenders and security testers observe during early-stage reconnaissance. The purpose is to develop discipline, clarity, and safe testing habits while learning how to reduce unnecessary exposure.

Lab Scope

What this environment is designed for

Use this lab only for observation-focused, non-destructive learning activities. Do not test third-party systems or targets you do not own or have permission to assess.

01

DNS & Domain Review

Practice resolving hostnames, checking public DNS records, and understanding how names map to infrastructure.

02

Enumeration Basics

Learn how to observe reachable services, response behavior, ports, and basic exposure safely.

03

HTTP Header Inspection

Inspect response headers, browser-facing controls, caching behavior, and technology disclosure signals.

04

Web Exposure Awareness

Review public files, visible paths, static assets, robots.txt, sitemap.xml, and safe web attack surface examples.

Available Training Areas

Guided lab modules

Each area is designed to support beginner-friendly cybersecurity learning with clear boundaries.

Webinar Series #4

Web Attack Surface 101

Inspect public website exposure, headers, robots.txt, sitemap.xml, JavaScript hints, technology clues, and safe hardening recommendations.

Open Web101 Lab

Enumeration Lab

Basic Nmap Practice

Practice safe host checks, web port scans, service detection, and evidence collection against this authorized lab domain only.

View Nmap Guide

Visibility

Who Attacked Me?

Review lab traffic visibility and learn how defenders interpret suspicious web requests and repeated probing behavior.

View Dashboard

Enumeration Lab Guide

Basic Nmap scans for beginners

These commands are intentionally limited to the authorized lab domain and common web ports. The goal is to observe, document, and understand—not to attack.

Step 1

Set your target

Use a variable so your commands stay clean and consistent.

export TARGET=blackstridecyberlab.online
Step 2

Resolve the domain

Identify what IP address the domain resolves to.

nslookup $TARGET
Step 3

Check web reachability

Review whether the HTTPS service responds and what headers are visible.

curl -I https://$TARGET
Step 4

Scan common web ports

Check only ports 80 and 443. Do not scan all ports during beginner practice.

nmap -Pn -p 80,443 $TARGET
Step 5

Detect basic services

Compare basic port results with simple service detection.

nmap -sV -p 80,443 $TARGET
Step 6

Show scan reasoning

Use reason output to understand why Nmap reported a port as open, closed, or filtered.

nmap -Pn --reason -p 80,443 $TARGET
Important: Stay within scope. Do not run brute force scripts, vulnerability scripts, aggressive scans, full-port scans, login attempts, payload testing, or scans against systems outside this lab.

Hands-On Practice

Safe beginner commands

Run these only against this lab domain or systems where you have explicit authorization.

Resolve Domain to IP

Understand where the hostname points.

nslookup blackstridecyberlab.online

Inspect HTTP Headers

Review browser-facing headers and web server signals.

curl -I https://blackstridecyberlab.online

Review robots.txt

Check public crawler instructions.

curl https://blackstridecyberlab.online/robots.txt

Basic Web Port Scan

Limit scanning to common web ports only.

nmap -Pn -p 80,443 blackstridecyberlab.online

Basic Service Detection

Identify simple service information for open web ports.

nmap -sV -p 80,443 blackstridecyberlab.online

Review Web101 JavaScript

Observe why browser-delivered JavaScript should be treated as public.

curl https://blackstridecyberlab.online/web101/static/app.js

BlackStride Standard

Responsible use and security-by-design

This homepage is static and intentionally minimal. It does not process user input, submit forms, read cookies, call APIs, or load third-party scripts. The goal is to keep the public landing page clean, predictable, and safe for learners.

Authorized testing only. Stay within the lab scope. Avoid brute force, credential testing, destructive actions, payload testing, high-rate scanning, or testing systems you do not own.

No JavaScript on the homepage

No login or data collection form

No external CDN dependency

No dynamic file access or path handling