soojilee88/-UofT-Cybersecurity_Project3
Final Project

Overview

You are working as a Security Engineer for X-CORP, supporting the SOC infrastructure. The SOC analysts have noticed some discrepancies with alerting in the Kibana system and the manager has asked the Security Engineering team to investigate.

To start, your team needs to confirm that newly created alerts are working. Once the alerts are verified to be working, you will monitor live traffic on the wire to detect any abnormalities that aren't reflected in the alerting system.

You will then report back all your findings to both the SOC manager and the Engineering Manager with appropriate analysis.


Red Team Analysis

Pentesting Target 1 & Target 2

  • Assess a vulnerable VM and verify that the Kibana rules work as expected.

  • This analysis exposes the critical vulnerabilities of the vulnerable VM and shows, step by step, how the pentest gained access to each system.

  • Offensive Analysis can be accessed here: OffensiveTemplate


Blue Team Analysis

Hardening of vulnerable VM

  • Implement alerts and thresholds that are determined to be effective.

  • This analysis contains the network topology, a description of the targets, and how monitoring of the targets is configured so that the ELK stack can alert on specific events. Hardening of the systems is also shown with a detailed explanation.

  • Defensive Analysis can be accessed here: DefensiveTemplate


Network Analysis

Normal Activity vs Malicious Activity

  • Use Wireshark to analyze live malicious traffic on the wire

  • By inspecting the packets on the network, the analysis identified the targets who created a custom site on the network, the infected machine and what it was infected with, and the illegal downloads that were pulled onto the network.

  • Network Analysis can be accessed here: NetworkTemplate


Presentation

  • Group PowerPuff

  • Decided to present the offensive side of the project.

  • Presentation Slides can be found here: PresentationSlides




Author

My name is Sooji Lee :)
