The Brief
Jean-Marc Rasoanaivo runs Baobab Bay Lodge, a small eco-lodge on Nosy Be, Madagascar. A friend's hotel in Mauritius was recently hacked through their booking system. Jean-Marc doesn't know if his own site is safe. His booking page stores guest passport numbers, his developer moved to France six months ago, and whale season is coming — he can't take the site offline.
He wants someone to check his booking system and tell him what needs fixing, in language he can understand.
Your Role
You're doing a security assessment of Jean-Marc's booking site. You'll work through the engagement from both sides — testing whether the site can be exploited, then switching to the defender's view to see what that attack looks like in the logs. By the end, Jean-Marc gets a report explaining what you found and what to fix.
Everything is provided for this one. Scope document, attack methodology, detection templates, remediation guidance, report template — all of it. Your job is to direct Claude through each phase and verify the results. Claude runs the tools. You decide whether the output is right.
What's New
This is the first project, so everything is new ground.
You'll direct an AI agent through a real security assessment workflow — scanning, exploiting, detecting, fixing. The interesting part is the perspective shift. The same SQL injection looks completely different depending on whether you're the attacker running sqlmap or the defender reading access logs in Grafana. That dual view is the core of what makes this work.
The hard part isn't running the tools. It's catching when Claude gets something wrong. Claude will suggest fixes that look correct but don't hold up when you re-test. It will report uncertain results as confirmed findings. It will suggest scanning things that aren't in scope. Your verification is what makes the difference between output that was produced and output that was checked.
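The defender's view of the SQL injection mentioned above, as an added example that is not part of the original project materials: a short Python pass over web access log lines that flags the request patterns a sqlmap run leaves behind. The log lines are constructed, and the Apache combined log format, the DVWA request path and the rule names are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
172.18.0.1 - - [12/May/2025:09:14:02 +0000] "GET /vulnerabilities/sqli/?id=1&Submit=Submit HTTP/1.1" 200 4521 "-" "Mozilla/5.0 (X11; Linux x86_64)"
172.18.0.1 - - [12/May/2025:09:15:40 +0000] "GET /vulnerabilities/sqli/?id=1%27+OR+%271%27%3D%271&Submit=Submit HTTP/1.1" 200 4890 "-" "Mozilla/5.0 (X11; Linux x86_64)"
172.18.0.1 - - [12/May/2025:09:16:03 +0000] "GET /vulnerabilities/sqli/?id=1+UNION+ALL+SELECT+NULL%2CNULL--+-&Submit=Submit HTTP/1.1" 200 4602 "-" "sqlmap/1.8#stable (https://sqlmap.org)"
172.18.0.1 - - [12/May/2025:09:17:11 +0000] "GET /about.php?ref=union+square+hotel HTTP/1.1" 200 2210 "-" "Mozilla/5.0 (X11; Linux x86_64)"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

# Hypothetical rule names; each pattern runs against the URL-decoded query string.
QUERY_RULES = {
    "union_select": re.compile(r"\bunion\b(\s+all)?\s+select\b", re.I),
    "quote_boolean": re.compile(r"'\s*(or|and)\s+'?\d", re.I),
}
UA_RULE = re.compile(r"sqlmap", re.I)  # sqlmap's default User-Agent names the tool


def detect(log_text):
    """Return one finding per log line that matches at least one rule."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        url = urlsplit(m["url"])
        query = unquote_plus(url.query)  # decode %27 and '+' before matching
        hits = [name for name, rx in QUERY_RULES.items() if rx.search(query)]
        if UA_RULE.search(m["ua"]):
            hits.append("scanner_user_agent")
        if hits:
            findings.append({"ts": m["ts"], "ip": m["ip"],
                             "path": url.path, "hits": sorted(hits)})
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

The last sample line contains the word "union" in an ordinary query and is not flagged, which is the kind of false positive a keyword-only rule would raise.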
Tools
- Docker — runs the target application (DVWA) and the monitoring stack (Grafana, Loki, Alloy)
- Nmap — network scanning and port/service discovery
- sqlmap — SQL injection testing
- Grafana — viewing logs and alerts from the defender's side
- Claude Code — AI agent that runs the tools under your direction
- Git/GitHub — version control and project submission
Materials
You'll receive a complete set of project materials:
- Scope document defining what you're authorized to assess
- TTP selection document and step-by-step attack methodology
- Sigma rule template for detection engineering
- Remediation guidance document
- Hardening checklist
- Report template for Jean-Marc
- DVWA Docker environment (the target application)
- Grafana/Loki/Alloy monitoring stack (the defender's view)
- Project governance file