Reference no: EM133225933
Incident Case
A customer has contacted us to find out whether or not they have been successfully breached. Their organisation recently sent some IT personnel to a Certified Ethical Hacker course, and one of them downloaded a practice virtual machine from a popular capture-the-flag website. A few weeks later it came out that the site in question had been compromised months earlier and that some of the VM's web applications might have been compromised by threat actors. The threat actors planted exploits via vulnerabilities such as Cross-Site Scripting (XSS) on some of the practice websites. These malicious drops, or "watering hole" attacks, point to IP addresses controlled by the threat actors that are said to host malicious code capable of taking control of any computer that visits the sites on the practice VM.
Activity Tasks
You have just been provided with a current memory dump of the machine and a pcap file of traffic to and from the machine that the suspected victim (the IT employee) was using. Using these artifacts, answer the following questions. You will need tools such as Wireshark, Zeek, and Volatility to answer them.
The suspected compromised machine is 192.168.248.100.
What do you think is the IP address of the virtual machine hosting the malicious website, i.e. the origin of the attack?
What IP address do you think is ultimately the attacker's own IP address?
Do there appear to be any malicious processes currently running on the suspected compromised device?
If there are, does it appear they have any active connections?
If there are active connections to any malicious processes, where are the connections going and on what port?
Verify, using virustotal.com or some other method, that the files you suspect are malicious are indeed malicious, and include these findings in your report.
Do you think there is any reason to believe the attacker had system-level privilege at any point?
List what you would consider to be the IoCs for this attack.
What IoCs might you look for on the rest of the network?
What time (date and time stamp) was the first connection between the threat actor and the victim?
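As an added example that is not part of the case materials, the following Python script triages a Zeek conn.log (a constructed sample is embedded; the 203.0.113.x and 198.51.100.x addresses are placeholders, and the 192.168.248.0/24 lab subnet is an assumption) to list the victim's external peers in first-seen order with the UTC time of first contact, which is the evidence the questions on attacker IP, destination port and first-connection time call for.

```python
"""Triage a Zeek conn.log for the victim's external peers and first-contact time."""
import ipaddress
from collections import defaultdict
from datetime import datetime, timezone

VICTIM = "192.168.248.100"                            # suspected compromised host (from the case)
LOCAL_NET = ipaddress.ip_network("192.168.248.0/24")  # assumed lab subnet; peers inside it are ignored
# Constructed sample conn.log in Zeek TSV format. The 203.0.113.x and 198.51.100.x
# addresses are documentation-range placeholders, not findings from the real pcap.
SAMPLE_CONN_LOG = (
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tconn_state\n"
    "1700000000.120000\tCa1\t192.168.248.100\t51000\t192.168.248.1\t53\tudp\tdns\tSF\n"
    "1700000005.500000\tCa2\t192.168.248.100\t51002\t203.0.113.10\t80\ttcp\thttp\tSF\n"
    "1700000009.250000\tCa3\t192.168.248.100\t51003\t198.51.100.7\t4444\ttcp\t-\tS1\n"
    "1700000070.000000\tCa4\t192.168.248.100\t51004\t198.51.100.7\t4444\ttcp\t-\tS1\n"
    "#close\t2023-11-14-22-14-30\n"
)

def parse_conn_log(text):
    """Return one dict per flow, keyed by the column names in the #fields header."""
    fields, records = None, []
    for line in text.splitlines():
        if line.startswith("#fields\t"):
            fields = line.split("\t")[1:]
        elif not line.startswith("#") and line.strip() and fields is not None:
            records.append(dict(zip(fields, line.split("\t"))))   # directives/blank lines skipped
    return records

def external_peers(records, victim=VICTIM):
    """(remote_ip, responder_port, service) -> sorted timestamps of victim flows leaving LOCAL_NET."""
    peers = defaultdict(list)
    for r in records:   # either direction: a reverse shell is victim -> attacker
        other = {r["id.orig_h"]: r["id.resp_h"], r["id.resp_h"]: r["id.orig_h"]}.get(victim)
        if other is None or ipaddress.ip_address(other) in LOCAL_NET:
            continue
        peers[(other, int(r["id.resp_p"]), r["service"])].append(float(r["ts"]))
    return {key: sorted(ts) for key, ts in peers.items()}

def first_contact(records, peer_ip, victim=VICTIM):
    """UTC ISO 8601 timestamp of the earliest flow between victim and peer_ip, or None."""
    ts = [float(r["ts"]) for r in records if {r["id.orig_h"], r["id.resp_h"]} == {victim, peer_ip}]
    return datetime.fromtimestamp(min(ts), tz=timezone.utc).isoformat() if ts else None

def triage(text, victim=VICTIM):
    """Rows of (remote_ip, port, service, flow_count, first_seen_utc), earliest peer first."""
    records = parse_conn_log(text)
    rows = [(ip, port, svc, len(times), first_contact(records, ip, victim))
            for (ip, port, svc), times in external_peers(records, victim).items()]
    return sorted(rows, key=lambda row: row[4])
```

Reading the output in first-seen order, the first external host reached over HTTP is the candidate for the practice VM's website, and a later host contacted repeatedly on a non-web port is the candidate for the attacker's own infrastructure; confirm both against the process and socket listings from Volatility before reporting.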