
Scenario: Working as a Security Engineer for X-CORP, supporting the SOC infrastructure. The SOC Analysts have noticed some discrepancies with alerting in the Kibana system and the manager has asked the Security Engineering team to investigate. Started with confirming that newly created Kibana alerts are working, after which monitored live traffi…

BrandonQ3/Supporting-the-SOC-Infrastructure-Final-Project-3


Supporting-the-SOC-Infrastructure-Final-Project-3

Overview

You are working as a Security Engineer for X-CORP. The SOC Analysts have noticed some discrepancies with alerting in the Kibana system and the manager has asked the Security Engineering team to investigate. You will start by confirming that newly created Kibana alerts are working, after which you will monitor live traffic on the wire to detect any abnormalities that aren't reflected in the alerting system. You are to report back all your findings to both the SOC manager and the Engineering Manager with appropriate analysis.

Instructions

This week, you will work on your final project by completing the following tasks individually:

  • Defensive Security: Implement alerts and thresholds you determined would be effective in Project 2.
  • Offensive Security: Assess a vulnerable VM and verify that the Kibana rules work as expected.
  • Network Forensics: Use Wireshark to analyze live malicious traffic on the wire.

In addition to the above, you will be assigned to a group by your instructor on Day 1. After you complete each of the reports individually, you will work in groups to create a presentation on one aspect of the project: defensive, offensive, or networking. You will be provided templates to work on this presentation.

Demo Day Interview Questions

As in previous projects, you will have an opportunity to use this week's experience to prepare responses to a set of domain-specific interview questions. Your responses to these questions will not be graded. Instead, you are expected to use your answers to bolster the presentations that you deliver on Demo Day, following graduation. Because you will need the entirety of class to complete the project, you should expect to work on these questions only after completing project work.

Task Breakdown

The following breakdown describes the tasks you will be assigned and a recommended timeline for achieving each milestone.

  • Day 1: Target 1

    • After your instructor reviews the project overview and demonstrates how to use wpscan to assess a WordPress target, you will configure alerts in Kibana and test the alerts by repeating attacks against the Capstone VM. Then, you will begin your assessment of the first vulnerable VM: Target 1.
  • Day 2: Target 1

    • On Day 2, you will complete your assessment of Target 1. If you complete this task, you may move on to the Wireshark analysis.
  • Day 3: Analysis

    • After assessing Target 1, you will use the Kali VM to capture and analyze traffic on the virtual network with Wireshark. You will analyze the traffic to explain the actions that users are taking on the network. After analyzing the Wireshark traffic, you will spend the remainder of class completing summaries of your work, and then working in groups to begin your presentations.

Domain-Specific Interview Questions

As emphasized in the previous project, the ability to communicate the achievements of this project and relate them to different domains is a valuable skill to have when networking and interviewing. You will once again have the option to respond to interview questions and relate the specific work you did to areas and domains of interest. Please note that, as the entirety of your time in class will be dedicated to presentations, you should answer these questions only after completing the project work in class. Your responses will not be graded as homework, but they can be used to bolster a Demo Day presentation after graduation. In this optional activity, you will choose a domain that you are interested in pursuing as a career. For this project, you will choose from the following domains:

  • Network Security
  • Logging & Monitoring
  • Offensive Security
  • Defensive Security: Incident Response Phases I & II

If you are unsure of which domain you would like to focus on, that's ok! You can either choose the one that you are the most comfortable discussing, or you can also complete the tasks in two or three domains. For each domain, you will be provided a set of interview questions. For each question, you will be prompted to think about specific aspects or tasks you completed in Project 3 that you can use to answer the question.

Submission

Configured Kibana alerts to monitor the WordPress installation, performed host discovery with Netdiscover, identified exposed ports with Nmap, enumerated the site with WPScan and Nikto, identified a Remote Code Execution vulnerability and used a code injection exploit to open a reverse shell to an Ncat listener, and conducted network forensic analysis with Wireshark.

Project 3 Topology.pdf

Project 3 Submission.pdf
