Learn by Directing AI
Unit 1

The Brief and the Lab Environment

Step 1: Project Setup

Open a terminal. Navigate to your development directory and start Claude Code.

cd ~/dev
claude

Paste the setup prompt:

Create the folder ~/dev/cybersecurity/p4. Download the project materials from https://learnbydirectingai.dev/materials/cybersecurity/p4/materials.zip and extract them into that folder. Read CLAUDE.md -- it's the project governance file. Then run docker compose up -d to start the lab environment.

Claude creates the project folder, downloads and extracts materials, reads the governance file, and starts the Docker Compose environment. If Docker needs admin access, Claude will tell you what to run in a separate terminal.

Step 2: Verify the Lab Environment

This lab is different from what you have worked with before. Instead of a single web application, you have seven services running simultaneously.

Ask Claude to check the status:

Run docker compose ps and show me what's running.

You should see seven services: ehr-web on port 80 (the electronic health record application), ssh-server on port 22, ftp-server on port 21, vpn-sim (the VPN configuration simulator), grafana on port 3000, loki on port 3100, and alloy on port 12345.

The EHR web application is one target. SSH and FTP are separate targets with different attack vectors, different evidence, and different log signatures. This is the first time you are assessing a system with multiple service types, not just a web application.

Open a browser and navigate to http://localhost to see the EHR application login page. Then navigate to http://localhost:3000 to confirm Grafana is running and receiving logs.

Step 3: Listen to Marie-Claire's Voicemail

Open the project and listen to Marie-Claire's voicemail. She is the Executive Director of Reseau Sante du Nord -- six community health clinics across northern Haiti. Primary care, maternal health, pharmacy, diagnostics. Eighty staff.

Two years ago, a grant funded digitization. Patient records, prescriptions, test results -- all in a shared electronic system connected by VPN across six clinics. One IT person, Frantz, manages everything.

The donor -- a European health foundation funding 70% of operations -- is requiring a security assessment before renewing the grant. A partner organization in West Africa lost patient records to ransomware. Now every funded organization must prove their systems are secure.

Marie-Claire does not know what "security assessment" means technically. She knows patient records are sensitive. She knows the donor is serious.

Step 4: Message Marie-Claire

This is a supplementary client engagement. Marie-Claire's voicemail gives you substantial information, but there are gaps. You need to ask follow-up questions to understand the full picture.

Message Marie-Claire to clarify the engagement scope. Ask about the systems connecting the six clinics, what services are running, and whether there have been any recent issues.

She responds warmly but quickly -- she is between clinic visits. For technical questions, she defers to Frantz: "Ask Frantz about the VPN setup -- he manages all of that." But she is clear on what matters: "Patient records are sacred. If someone could see HIV diagnoses or pregnancy records because our system is weak, that is unacceptable. Check everything."

Step 5: Read the Scope Document

Open materials/scope-document.md. This defines what you are authorized to test.

The target surface is wider than previous projects. You have five authorized targets: the EHR web application on port 80, SSH on port 22, FTP on port 21, the VPN simulator (configuration review only), and Grafana on port 3000.

Read the pivoting rules carefully. Lateral movement between authorized services is permitted -- if credentials discovered on one service grant access to another, that access may be tested. But VPN endpoints are for configuration review only. Any discovery of services not listed must be reported, not investigated.

AI commonly suggests expanding beyond authorized scope when it finds interesting leads. Before acting on any AI suggestion, check it against the scope document.
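One way to make that check mechanical, as an added example that is not part of the course materials: it cross-references `docker compose ps --format json` output against the five authorized targets summarised above. The SCOPE table is transcribed from this page rather than from materials/scope-document.md, the sample input is constructed, and the verdict names are hypothetical.

```python
import json

# Scope as summarised in Step 5 of this page. The authoritative source is
# materials/scope-document.md, which is not reproduced here (assumption).
SCOPE = {
    "ehr-web": (80, "test"),
    "ssh-server": (22, "test"),
    "ftp-server": (21, "test"),
    "vpn-sim": (None, "config-review-only"),  # no port given on the page
    "grafana": (3000, "test"),
}

# Constructed sample shaped like `docker compose ps --format json` output
# (one JSON object per line), using the seven services listed in Step 2.
LAB = [("ehr-web", 80), ("ssh-server", 22), ("ftp-server", 21), ("vpn-sim", 0),
       ("grafana", 3000), ("loki", 3100), ("alloy", 12345)]
SAMPLE = "\n".join(
    json.dumps({"Service": s, "State": "running", "Health": "healthy",
                "Publishers": [{"PublishedPort": p}]}) for s, p in LAB)


def parse_ps(text):
    """Accept a JSON array or one object per line (varies by Compose version)."""
    text = text.strip()
    if text.startswith("["):
        return json.loads(text)
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def classify(ps_text):
    """Return {service: verdict} for listed services plus missing scoped ones."""
    verdicts = {}
    for row in parse_ps(ps_text):
        name = row["Service"]
        ports = {p.get("PublishedPort") for p in row.get("Publishers") or []}
        if row.get("State") != "running" or row.get("Health") not in ("", None, "healthy"):
            verdicts[name] = "not-healthy"
        elif name not in SCOPE:
            verdicts[name] = "not-listed"  # not an authorized target: do not test
        elif SCOPE[name][0] is not None and SCOPE[name][0] not in ports:
            verdicts[name] = "port-mismatch"
        else:
            verdicts[name] = SCOPE[name][1]
    for name in SCOPE.keys() - verdicts.keys():
        verdicts[name] = "missing"
    return verdicts


if __name__ == "__main__":
    for service, verdict in sorted(classify(SAMPLE).items()):
        print(f"{service:12} {verdict}")
```

On the constructed sample, loki and alloy come back as not-listed: they run in the lab but are not among the five authorized targets named above.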

Step 6: Explore the Lab

Take a few minutes to orient to the environment. Open the EHR application in your browser. Browse the login page. Check that Grafana's data source is configured and logs are arriving.

Do not start scanning or testing yet. Understand what you are looking at first. The next unit begins with passive reconnaissance -- gathering intelligence about the target without touching it directly.

✓ Check: All seven Docker services report healthy status via docker compose ps. EHR application responds on port 80. Grafana dashboard loads on port 3000.