The Cybersecurity SQL Adventure Lab offers hands-on experience in using SQL to detect potential security threats within a company’s database. This lab simulates real-world scenarios where participants analyze login attempts, investigate after-hours access, and identify potential insider threats.
The lab covers essential cybersecurity tasks such as detecting failed login attempts, identifying unusual access patterns, and cross-referencing login data with employee information. Participants learn to create comprehensive reports of login activities, helping them spot patterns and correlations that could indicate security risks.
By working through these exercises, users develop critical skills in database querying and log analysis, which are fundamental in modern cybersecurity practices. The lab emphasizes the importance of asking the right questions and interpreting data effectively, preparing participants for real-world challenges in identifying and preventing security breaches.
Let’s explore the nuts and bolts of our Cybersecurity SQL Adventure Lab. I’ll show you how to set up your own tables and throw in some sample data. Then, we’ll run through a few queries that’ll make you feel like a real cyber detective!
First, let’s create two tables: log_in_attempts
and employees
. Here's the SQL to make it happen:
CREATE TABLE log_in_attempts (
event_id INT AUTO_INCREMENT PRIMARY KEY,
username VARCHAR(50) NOT NULL,
login_date DATE NOT NULL,
login_time TIME NOT NULL,
country VARCHAR(50) NOT NULL,
ip_address VARCHAR(15) NOT NULL,
success BOOLEAN NOT NULL
);
CREATE TABLE employees (
employee_id INT AUTO_INCREMENT PRIMARY KEY,
device_id VARCHAR(50) NOT NULL,
username VARCHAR(50) NOT NULL,
department VARCHAR(50) NOT NULL,
office VARCHAR(50) NOT NULL
);
Now, let’s add some relevant sample data:
INSERT INTO log_in_attempts (username, login_date, login_time, country, ip_address, success) VALUES
('jsmith', '2022-05-08', '17:30:00', 'USA', '192.168.1.1', TRUE),
('ajonson', '2022-05-09', '19:15:00', 'MEX', '192.168.1.2', FALSE),
('mjohnson', '2022-05-09', '20:30:00', 'CAN', '192.168.1.3', FALSE),
('jdoe', '2022-05-10', '08:45:00', 'USA', '192.168.1.4', TRUE),
('sbrown', '2022-05-10', '22:15:00', 'UK', '192.168.1.5', FALSE);
INSERT INTO employees (device_id, username, department, office) VALUES
('D001', 'jsmith', 'Marketing', 'East-170'),
('D002', 'ajonson', 'Sales', 'North-110'),
('D003', 'mjohnson', 'Finance', 'West-223'),
('D004', 'jdoe', 'IT', 'South-045'),
('D005', 'sbrown', 'HR', 'East-180');
Now for the fun part — let’s run some queries and see what we can uncover!
SELECT * FROM log_in_attempts WHERE success = FALSE;
SELECT * FROM log_in_attempts WHERE TIME(login_time) < '09:00:00' OR TIME(login_time) > '17:00:00';
SELECT * FROM employees WHERE department = 'IT';
SELECT l.username, l.login_date, l.login_time, l.country, e.department FROM log_in_attempts l JOIN employees e ON l.username = e.username WHERE l.success = FALSE;
SELECT l.event_id, l.username, e.department, e.office, l.login_date, l.login_time, l.country, l.ip_address, CASE WHEN l.success THEN 'Success' ELSE 'Failure' END AS login_result FROM log_in_attempts l LEFT JOIN employees e ON l.username = e.username ORDER BY l.login_date, l.login_time;
This gives you a bird’s-eye view of all the action — successes, failures, and everything in between.
There you have it! With these tables, data, and queries, you’re all set to start your own cybersecurity investigation. Feel free to tweak the data or come up with your own queries. Who knows what security vulnerabilities you might uncover? Happy investigating!
These SQL skills aren’t just for practice — they’re essential tools in real-world cybersecurity. As cyber threats evolve, the ability to quickly query and analyze database logs can be the difference between detecting a breach early and discovering it too late. Whether you’re securing a small business or a large corporation, mastering these techniques will make you a more effective defender in the ongoing battle for digital security.