Troll Trace

  • United States of America


Troll Trace Mission

Born out of a desire to aggressively defend business owners' right to do business without criminal interference, our mission is to actively protect our partner companies' digital infrastructure and sensitive information from all cyber threats. Through continuous monitoring, thorough vulnerability assessments, and advanced security measures, we strive to maintain the integrity, confidentiality, and availability of those data assets. We are also committed to promoting a culture of cybersecurity awareness and resilience.

Project Overview

Troll Trace, a top-notch cybersecurity firm, has been hired to perform a threat emulation exercise for SimCorp, a prominent financial services provider. During this engagement, Troll Trace's blue team will take on an active threat-hunting role, monitoring and recording adversarial activity inside SimCorp's Virtual Private Cloud (VPC). The VPC will be treated as a honeypot: the blue team observes without interfering with the adversaries' movement through the network. The blue team's objective is to rapidly uncover and close any gaps in detection coverage so that every threat is detected, and to improve the detection systems quickly while preserving the integrity of the engagement. Strategic teamwork is crucial in protecting SimCorp's systems from cyber threats.

Team Members

Meet the team behind TrollTrace:


Project Challenges

  • Observe adversarial actions and collect evidence on movement and actions.
  • Configure IDS rules for greater detection capabilities.
  • Deploy additional threat detection tools where needed.
  • Where appropriate, design and implement scripted automation for alerting.
  • Generate a threat model and perform a STRIDE analysis.

Team Agreement

You can view our Team Agreement here. This agreement outlines communication, collaboration, decision-making processes, and conflict-resolution guidelines within the team.

Systems and Components Selection

We selected the technology stack for Interslice based on the following criteria:

  • Scalability: Chose scalable frameworks and tools to accommodate future growth and user demands.
  • Performance: Prioritized technologies known for their efficiency and speed to ensure optimal system performance.
  • Ease of Use: Selected user-friendly tools to facilitate development and maintenance.
  • Community Support: Preferred technologies with active developer communities for ongoing support and updates.

The components selected under these criteria:

  • IAM - Management of access and permissions for AWS resources.
  • VPC - Amazon Virtual Private Cloud within which the EC2 instances operate.
  • VPC Flow Logs - Records IP traffic into and out of the VPC.
  • CloudWatch - Within AWS, ingests the VPC Flow Logs and organizes them into events.
  • EC2 - Virtual machines within the VPC, acting as the operating endpoints.
  • Python - The automated tools used by Troll Trace are developed in Python.
  • Splunk - Platform for searching large volumes of log data.

View the full System Selection here
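
As an added example of the VPC Flow Logs to CloudWatch to Python alerting path listed above (not TrollTrace's own code; the record lines, thresholds and field names are constructed for illustration), a parser for default-format VPC Flow Log records with a simple port-sweep detector that a scripted alert could be built on:

```python
# Added example, not TrollTrace's own code: alerting helper for the VPC Flow Logs ->
# CloudWatch -> Python pipeline. Flags a source REJECTed on many distinct dst ports
# within a short window. The sample records at the bottom are constructed, not real.
from collections import defaultdict

FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()  # default v2 format

def parse_flow_line(line):
    """Parse one record into a dict; None if malformed or NODATA/SKIPDATA."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":  # '-' placeholders, nothing to parse
        return None
    for key in ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end"):
        rec[key] = int(rec[key])
    return rec

def detect_port_sweeps(lines, min_ports=4, window_s=60):
    """Return {srcaddr: sorted dst ports} for sources REJECTed on >= min_ports
    distinct ports within any window_s-second span of record start times."""
    rejects = defaultdict(list)  # srcaddr -> [(start, dstport), ...]
    for line in lines:
        rec = parse_flow_line(line)
        if rec and rec["action"] == "REJECT":
            rejects[rec["srcaddr"]].append((rec["start"], rec["dstport"]))
    alerts = {}
    for src, events in rejects.items():
        events.sort()
        lo = 0
        for hi in range(len(events)):  # sliding window over start times
            while events[hi][0] - events[lo][0] > window_s:
                lo += 1
            ports = {port for _, port in events[lo:hi + 1]}
            if len(ports) >= min_ports:
                alerts[src] = sorted(ports)
                break
    return alerts

# Constructed sample: one sweeping host, one normal SSH session, one NODATA record.
SAMPLE_LOG = """\
2 111122223333 eni-0a1b2c3d4e5f60001 198.51.100.7 10.0.1.20 40123 22 6 1 44 1700000000 1700000010 REJECT OK
2 111122223333 eni-0a1b2c3d4e5f60001 198.51.100.7 10.0.1.20 40124 23 6 1 44 1700000002 1700000012 REJECT OK
2 111122223333 eni-0a1b2c3d4e5f60001 198.51.100.7 10.0.1.20 40125 80 6 1 44 1700000004 1700000014 REJECT OK
2 111122223333 eni-0a1b2c3d4e5f60001 198.51.100.7 10.0.1.20 40126 3389 6 1 44 1700000006 1700000016 REJECT OK
2 111122223333 eni-0a1b2c3d4e5f60001 10.0.1.5 10.0.1.20 51000 22 6 20 4249 1700000000 1700000060 ACCEPT OK
2 111122223333 eni-0a1b2c3d4e5f60001 - - - - - - - 1700000000 1700000060 - NODATA
"""
```

Running `detect_port_sweeps(SAMPLE_LOG.splitlines())` returns `{'198.51.100.7': [22, 23, 80, 3389]}`; the ACCEPTed session and the NODATA record are ignored, and a tighter `window_s` or higher `min_ports` suppresses the alert.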

Standard Operating Procedure

We follow a set of Standard Operating Procedures (SOPs) to maintain consistency and efficiency within the project:

Topologies/Cloud Architecture Design

Here are some visual representations of TrollTrace's architecture and topology:

Project Management Tool

We use GitHub Projects to track our progress and tasks. In Trello, we organize tasks into boards, lists, and cards representing different stages of development. Each card contains a task description, assignee, due date, and checklist items.

Presentation Link

View our live project presentation here for an overview of TrollTrace's features and functionality.
View our project presentation slideshow here.

Repositories

  • TrollTrace (public): Ops 401 Final Project, written in PowerShell.
  • .github (public)
