You are working as a Security Engineer for X-CORP, supporting the SOC infrastructure. The SOC analysts have noticed some discrepancies with alerting in the Kibana system and the manager has asked the Security Engineering team to investigate.
To start, your team needs to confirm that newly created alerts are working. Once the alerts are verified to be working, you will monitor live traffic on the wire to detect any abnormalities that aren't reflected in the alerting system.
You will then report back all your findings to both the SOC manager and the Engineering Manager with appropriate analysis.
-
Assess a vulnerable VM and verify that the Kibana rules work as expected.
-
Within this analysis, critical vulnerabilities are exposed of the vulnerable VM, and is shown step by step of how the pentesting has worked to gain access to each system.
-
Offensive Analysis can be accessed here: OffensiveTemplate
-
Implement alerts and thresholds that are determined to be effective.
-
This analysis contains Network Topology, description of targets, and how the monitoring of the targets are set so that the ELK can be utilized to specific point of alerts. Hardening of the systems are also shown with detailed explanation.
-
Defensive Analysis can be accessed here: DefensiveTemplate
-
Use Wireshark to analyze live malicious traffic on the wire
-
By looking at the packets within the network, found the targets whom have created custom site on the network, also found the infected machine and what they are infected with, and also found illegal downloads that were downloaded to the network.
-
Network Analysis can be accessed here: NetworkTemplate
-
Group PowerPuff
-
Decided to present Offensive side of the Project.
-
Presentation Slides can be found here: PresentationSlides
My name is Sooji Lee :)