Working as the security analyst for ACME Inc., you notice several events on the SGUIL dashboard. Your task is to analyze these events, learn more about them, and decide if they indicate malicious activity.
Search engines are allowed learn more about the events. Security Onion can be enabled with Internet access (recommend NAT on Adapter 1) in the Cybersecurity Operations virtual environment.
The tasks below are designed to provide some guidance through the analysis process.
You will practice and be assessed on the following skills:
o Evaluating Snort/SGUIL events.
o Using SGUIL as a pivot to launch Kibana, Bro and Wireshark for further event inspection.
o Using Google search as a tool to obtain intelligence on a potential exploit.
The SecurityOnion16.1 has a pre-recorded attack stored in it. Install this OVA as a VM in Virtual Box and answer the questions and provide the information required in this document.
You will likely need to use the internet to gather some information. To reconfigure the network interface run sosetup-network and reboot. The management interface is enp0s3 and the monitor interface is enp0s8. Use DHCP to get an address from the NAT Server on VirtualBox. Ignore the message on the SO Screen to run setup again.
Part 1: Gathering Basic Information
a. Log into Security Onion VM using with the username analyst and password cyberops.
b. Open a terminal window. Enter the sudo so-status command to verify that all the services and sensors are ready.
c. When all services are ready, log into SGUIL with the username analyst and password cyberops. Click Select All to monitor all the networks. Click Start SQUIL to continue.
d. Highlight any alerts dated 2021 and press F5 to dismiss the alters and review the remaining alerts.
e. In the SGUIL window, identify the group of events that are associated with exploit(s). This group of events are related to a single exploit.
How many events were generated by the entire exploit?
f. According to SGUIL, when did the exploit begin? When did it end? Approximately how long did it take?
g. What is the IP address of the internal computer or computers involved in the events?
h. What is the MAC address of the internal computer involved in the events? How did you find it?
i. What are some of the Source IDs of the rules that fire when the exploit occurs? Where are the Source IDs from?
j. Do the events look suspicious to you? Does it seem like the internal computer was infected or compromised? Explain.
k. What is the operating system running on the internal computer or computers?
Part 2: Learn About the Malware
a. According to Snort, why were these alerts generated (in your own words)?
b. What is type malware was delivered? Does SNORT recognize the malware?
c. Upload the malware to virtustotal.com. Do a quick Google search on the type of malware that was delivered. Summarize your findings and record them here
Part 3: Determining the Source of the Malware
a. In the context of the events displayed by SGUIL for this exploit, record below the IP addresses involved.
b. According to SGUIL, what is the IP address of the host that appears to have delivered the malware?
c. Pivoting from SGUIL, open the transcript of the transaction. What is the domain name associated with the IP address of the host that appears to have delivered the exploit?
d. What type of malware was delivered?
e. The first SGUIL event is a DNS update. Why is this event flagged as an alert?
f. The DNS update was attempted on what IP address
g. What was the result of the DNS update attempt?
h. What is your conclusion about the DNS update alert?
Part 4: Analyze Details of the Malware
a. What was the domain that delivered the malware? ________________________________________________________________________
b. Run CyberChef (it’s on the desktop) to analyse the malware (drag the file into input)? Are there any long strings of interest? What are they?
c. What is the SHA256 of the malware?
d. What type of infection is this attack? What other indicators of compromise are created by this malware?
Compelling correspondence is essential to the achievement all things considered but since of the changing idea of the present working environments, successful correspondence turns out to be more troublesome, and because of the numerous impediments that will permit beneficiaries to acknowledge the plan of the sender It is restricted. Misguided judgments.In spite of the fact that correspondence inside the association is rarely completely open, numerous straightforward arrangements can be executed to advance the effect of these hindrances.
Concerning specific contextual analysis, two significant correspondence standards, correspondence channel determination and commotion are self-evident. This course presents the standards of correspondence, the act of general correspondence, and different speculations to all the more likely comprehend the correspondence exchanges experienced in regular daily existence. The standards and practices that you learn in this course give the premise to additionally learning and correspondence.
This course starts with an outline of the correspondence cycle, the method of reasoning and hypothesis. In resulting modules of the course, we will look at explicit use of relational connections in close to home and expert life. These incorporate relational correspondence, bunch correspondence and dynamic, authoritative correspondence in the work environment or relational correspondence. Rule of Business Communication In request to make correspondence viable, it is important to follow a few rules and standards. Seven of them are fundamental and applicable, and these are clear, finished, brief, obliging, right, thought to be, concrete. These standards are frequently called 7C for business correspondence. The subtleties of these correspondence standards are examined underneath: Politeness Principle: When conveying, we should build up a cordial relationship with every individual who sends data to us.
To be inviting and polite is indistinguishable, and politeness requires an insightful and amicable activity against others. Axioms are notable that gracious “pay of graciousness is the main thing to win everything”. Correspondence staff ought to consistently remember this. The accompanying standards may assist with improving courtesy:Preliminary considering correspondence with family All glad families have the mystery of progress. This achievement originates from a strong establishment of closeness and closeness. Indeed, through private correspondence these cozy family connections become all the more intently. Correspondence is the foundation of different affiliations, building solid partners of obedient devotion, improving family way of life, and assisting with accomplishing satisfaction (Gosche, p. 1). In any case, so as to keep up an amicable relationship, a few families experienced tumultuous encounters. Correspondence in the family is an intricate and alluring marvel. Correspondence between families isn’t restricted to single messages between families or verbal correspondence.
It is a unique cycle that oversees force, closeness and limits, cohesiveness and flexibility of route frameworks, and makes pictures, topics, stories, ceremonies, rules, jobs, making implications, making a feeling of family life An intelligent cycle that makes a model. This model has passed ages. Notwithstanding the view as a family and family automatic framework, one of the greatest exploration establishments in between family correspondence centers around a family correspondence model. Family correspondence model (FCP) hypothesis clarifies why families impart in their own specific manner dependent on one another ‘s psychological direction. Early FCP research established in media research is keen on how families handle broad communications data. Family correspondence was perceived as an exceptional scholastic exploration field by the National Communications Association in 1989. Family correspondence researchers were at first impacted by family research, social brain science, and relational hypothesis, before long built up the hypothesis and began research in a family framework zeroed in on a significant job. Until 2001, the primary issue of the Family Communication Research Journal, Family Communication Magazine, was given. Family correspondence is more than the field of correspondence analysts in the family. Examination on family correspondence is normally done by individuals in brain science, humanism, and family research, to give some examples models. However, as the popular family correspondence researcher Leslie Baxter stated, it is the focal point of this intelligent semantic creation measure making the grant of family correspondence special. In the field of in-home correspondence, correspondence is normally not founded on autonomous messages from one sender to one beneficiary, yet dependent on the dynamic interdependency of data shared among families It is conceptualized. The focal point of this methodology is on the shared trait of semantic development inside family frameworks. As such, producing doesn’t happen in vacuum, however it happens in a wide scope of ages and social exchange.
Standards are rules end up being followed when performing work to agree to a given objective. Hierarchical achievement relies significantly upon compelling correspondence. So as to successfully impart, it is important to follow a few standards and rules. Coming up next are rules to guarantee powerful correspondence: clearness: lucidity of data is a significant guideline of correspondence. For beneficiaries to know the message plainly, the messages ought to be sorted out in a basic language. To guarantee that beneficiaries can without much of a stretch comprehend the importance of the message, the sender needs to impart unmistakably and unhesitatingly so the beneficiary can plainly and unquestionably comprehend the data.>