IndieSpaceViking/CyberSec-Pro-Final

Offensive, Defensive/Mitigation Strategies and Network Forensic Analysis.

Overview

We are working as a Security Engineer supporting the SOC infrastructure. The SOC analysts have noticed some discrepancies with alerting in the Kibana system, and the manager has asked the Security Engineering team to investigate.

We will start by confirming that the newly created Kibana alerts are working, after which we will monitor live traffic on the wire to detect any abnormalities that are not reflected in the alerting system.

We are to report back with all findings to both the SOC manager and the Engineering manager with the appropriate analysis.

Intro

Read through the Offensive, Defense, and Network Analysis files to see the work, process and findings that lead up to the final presentation.

  • Offensive: Assess vulnerabilities, weaknesses, and exploits to gain access to a vulnerable WordPress server, and verify that the Kibana rules fire as intended.

  • Defense: Implement alarms and thresholds in Elasticsearch Watcher (Kibana).

  • Network Analysis: Use Wireshark to analyze the network traffic and find malicious activity.
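The threshold-style alarm the Defense item refers to can be expressed as an Elasticsearch Watcher definition. The following is an added example, not a watch taken from this repository: it assumes a `packetbeat-*` index with ECS fields `event.dataset` and `source.ip`, an assumed threshold of 100 HTTP requests per minute, and a logging action (the index pattern, field names and threshold are illustrative, not values from the project). Create it from Kibana Dev Tools with `PUT _watcher/watch/http_request_threshold` followed by this body:

```json
{
  "trigger": {
    "schedule": { "interval": "1m" }
  },
  "input": {
    "search": {
      "request": {
        "indices": ["packetbeat-*"],
        "body": {
          "size": 0,
          "query": {
            "bool": {
              "filter": [
                { "term": { "event.dataset": "http" } },
                { "range": { "@timestamp": { "gte": "now-1m" } } }
              ]
            }
          },
          "aggs": {
            "by_source": {
              "terms": { "field": "source.ip", "size": 5 }
            }
          }
        }
      }
    }
  },
  "condition": {
    "compare": { "ctx.payload.hits.total": { "gte": 100 } }
  },
  "actions": {
    "log_alert": {
      "logging": {
        "level": "warn",
        "text": "HTTP threshold exceeded: {{ctx.payload.hits.total}} requests in the last minute, top source {{ctx.payload.aggregations.by_source.buckets.0.key}}"
      }
    }
  }
}
```

The watch runs the search every minute, fires only when the hit count for the trailing minute reaches the threshold, and the `terms` aggregation carries the noisiest source addresses into the alert text so an analyst can pivot straight to the offending host. Before relying on a watch like this, check the baseline request rate for the monitored server so the threshold sits above normal traffic, and confirm the rule by replaying the same attack traffic the Offensive work uses; a watch that never fires during a known attack is exactly the discrepancy the SOC analysts reported. In production, swap the `logging` action for `email`, `webhook` or `index` so the alert reaches the SOC rather than the Elasticsearch log.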

View the Google Slides deck of the full findings here.

Note: The presentation was created by a group represented as the Resurrected team. All documentation for offensive, defensive and network analysis is my own personal work. We were assigned to be a team to come together and bring our findings to light.
